Abstract



A polymorphic function is parametric if its behavior does not depend on the type at which it is instantiated. Starting with Reynolds's work, the study of parametricity is typically semantic. In this paper, we develop a syntactic approach to parametricity, and a formal system that embodies this approach, called system ℛ. Girard's system F deals with terms and types; ℛ is an extension of F that deals also with relations between types.

In ℛ it is possible to derive theorems about functions from their types, or "theorems for free", as Wadler calls them. An easy "theorem for free" asserts that the type ∀(X)X→Bool contains only constant functions; this is not provable in F. There are many harder and more substantial examples. Various metatheorems can also be obtained, such as a syntactic version of Reynolds's abstraction theorem.
1. Explicit relations



A polymorphic function is parametric if its behavior does not depend on the type at which it is instantiated [Strachey 1967]. A function that reverses lists, for example, is parametric because it does not look at the types of the elements of the lists given as inputs. There are important non-parametric polymorphic functions, such as a print function that maps values of any type to text representations. With this caveat, it can be argued that "truly" polymorphic functions are parametric, and in any case it is the parametric polymorphic functions that form the core of languages such as ML [Milner, Tofte, Harper 1989].

Reynolds's work provides a precise counterpart to the informal definition of parametricity just given [Reynolds 1983; Ma, Reynolds 1991]. Reynolds's abstraction theorem concerns a language similar to Girard's system F [Girard, Lafont, Taylor 1989], and implies that the instances of a polymorphic function at different types behave in "related" ways. For example, let f be an expressible function of type ∀(X)X→X (the type of the identity function), and let f(A) and f(B) be its instantiations at types A and B, respectively. In this case, the theorem says that, for any relation S between A and B, if (a,b) ∈ S then (f(A)(a), f(B)(b)) ∈ S. A bit of calculation reveals that the identity function is the only function with this property, so f must be the identity function. This is what Wadler would call a "theorem for free" [Wadler 1989]: a result about a function that is obtained by examining only its type, and not its code. Reynolds's results about his system suggest that, more generally, one should view a function as parametric if and only if its instances at related types behave in related ways.

In the preceding discussion, functions, types, and relations are all semantic objects. Reynolds's results concern the models of polymorphic languages, such as F, and only indirectly their syntax. Similarly, Wadler's free theorems concern semantic objects in these models, and do not immediately refer to the world of syntax, where they might serve in proving properties of programs.

In this paper we develop a syntactic approach to parametricity. This approach is embodied in an extension of F, called ℛ, where relations between types are constructed and treated formally. In ℛ the free theorems can be stated and proved in a logical framework and without reference to particular classes of models. Several of these free theorems come from Wadler's work, and we hope that our detailed, formal treatment illuminates their proofs; others seem to be new and intriguing. Various metatheorems about ℛ can also be obtained, for example a syntactic version of the abstraction theorem. In all cases our results are not limited to closed terms.

The study of ℛ seems to help in clarifying the notions of parametricity and the properties of parametric models. Semantic explorations steer a difficult course between heavyweight categorical constructions and lightweight fuzzy explanations; in contrast, we use a precise, elementary syntax. With this syntax, it is possible to formulate results and conjectures that relate the intuitive definition of parametricity ("types are not needed at run time") with Reynolds's mathematical one.

The remainder of this introduction contains an informal technical introduction and a comparison with a few recent related works. Sections 2 and 3 introduce ℛ, its theory, and then some of the free theorems. In the conclusions we discuss further work, briefly touching on the semantics of ℛ. The appendix contains the complete set of rules of the system. It also describes a proof, due to Hasegawa, of the inconsistency of an earlier version of ℛ.

1.1 Parametricity 

As an introduction to parametricity and to ℛ we give an example: we prove that all parametric functions of type ∀(X)X→Bool are constant. (Here Bool is the type of booleans as encoded in F: ∀(X)X→X→X.) We start with an informal discussion of the functions of this type, then make the reasoning a little more precise, and later, in section 1.2, we introduce the judgments and some of the rules of ℛ which enable us to formalize the reasoning for this and other free theorems.






Throughout, we focus on total functions. All computations are assumed to terminate. It is well known 
that the interaction of recursion and parametricity is not entirely trivial, and clearly some strictness condi- 
tions should be added to the relations we consider below in the presence of recursion. 

At the very least, a function f in ∀(X)X→Bool maps values of any type to booleans. More precisely:

(i) If A is a type and b has type A, 
then f(A) maps b to a boolean. 

The primary examples of functions that satisfy (i) are the constant functions whose instances map any input to either true or false. But, in some models, there are additional functions that satisfy (i) and that may be considered as belonging to ∀(X)X→Bool, such as a function zero-p with instances that always map 0 to true and any other input to false. It is hard to code these additional functions in such a way that a type-checker would accept them, and the resulting code requires the use of types at run time. Hence, none of these functions can be considered parametric. Only the constant functions remain.

The sort of discussion of parametric functions that we just went through, to exclude for example zero-p, is vague and not entirely satisfactory; it depends on the use of particular models and on implementation intuitions. Reynolds's more satisfactory approach is based on relations between types. But before we discuss relations in general, it is convenient to introduce the per model [Longo, Moggi 1991], which is based on special relations.

In per semantics, types are interpreted as pers, that is, as partial equivalence relations (symmetric and transitive relations on the universe of values). Intuitively, b and c are related by the type A if they are equal elements of A, and in particular b is related to itself if it is an element of A. For example, A may be the type of all records with a field n of type Nat, and b and c may be two records that have a field n with the value 3, but differ on other fields; in this case b and c are related by A. We write b[A]c for (b,c) ∈ A.

Given two pers A and B, the set of all functions from A to B is also represented as a per: 

    f[A→B]g  iff  for all x, y, if x[A]y then f(x)[B]g(y)

That is, two functions are equal in A→B if they map inputs equal in A to results equal in B. Universal quantification is interpreted as intersection, with bound variables ranging over pers.

For example, in the language of pers, the condition for f to be in the type ∀(X)X→Bool is that f[∀(X)X→Bool]f. It follows that f(A)[A→Bool]f(A), for all A, and then:

(ii) If b and c are equal as elements of A, 

then f(A) maps b and c to the same boolean. 

In the per model, the only functions of type ∀(X)X→Bool are the two obvious constant functions (but this does not follow from (ii) alone). When A is a record type, for instance, requirement (ii) implies that f(A)(b) cannot depend on fields in b not shown in the definition of A.

Reynolds's work does not assume a per semantics, but his notion of parametricity can be seen as a 
strengthening of requirement (ii); in this example, it says: 

(iii) If S is a relation between types A and B, with a in A, b in B, and S relating a and b,
then f(A)(a) and f(B)(b) are equal booleans.

Requirement (ii) corresponds to the special case where A = B, and S is the identity relation on A. 

Intuitively, as Reynolds suggests, we may think of A and B as two different representations of the same type, and of a and b as two different representations of the same value; then requirement (iii) means that the function f respects representation abstractions and, for each input, f returns results independently of the representation of the input.

In order to state the general form of (iii), we extend the operations → and ∀. They are defined on arbitrary relations just as they were on pers, except that the variables bound by ∀ (now written 𝒰, 𝒱, 𝒲, 𝒳, ...) range over all relations, not just over pers. With this notation, there is a natural relation A* associated with each type expression A. This is the relation denoted by the type expression A where all quantified variables are interpreted as ranging over arbitrary relations rather than over pers. For example, the relation (∀(X)X→Bool)* is ∀(𝒲)(𝒲→Bool*), and (∀(X)X→Y)* is ∀(𝒲)(𝒲→𝒴).
The general form of (iii) can now be stated: 

An element of type A is related to itself by the associated relation A*. 

Essentially, Reynolds's abstraction theorem says that all the functions expressible in F satisfy this property. Thus, according to the abstraction theorem, if f is expressible with type ∀(X)X→Bool, then f must be related to itself by ∀(𝒲)(𝒲→Bool*). It follows that if A and B are two types and S is a relation between them, then f(A) and f(B) are related in S→Bool*, and so if S relates a and b it follows that Bool* relates f(A)(a) and f(B)(b), as stated in (iii).

With (iii), it is simple to prove that constant functions are the only elements of the type considered: Let f be a function of this type, let A be a type, and let S be the relation between A and Bool that associates every element of A with true. Then f(A) and f(Bool) are related by S→Bool*, and if a is an element of A then f(A)(a) and f(Bool)(true) are related by Bool*, that is, f(A)(a) is equal to the fixed boolean f(Bool)(true), independently of A and a. By extensionality, f is one of the two constant functions. (The use of Bool and true is arbitrary; they can be replaced with any other closed type and closed term of that type.)

Reynolds's notion of parametricity is not limited to binary relations. We consider only binary relations 
for simplicity, and because they are powerful enough in deriving all the familiar consequences of para- 
metricity. 
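The finite-model check below is an added example and is not part of the paper. It encodes the relational reading of →, ∀ and Bool from this section over tiny finite carriers and uses it to separate the parametric constant function from zero-p, and the identity at ∀(X)X→X from a non-parametric rival; the function instances_agree replays the proof step just given, relating f(A) to f(Bool) through the graph of the function a ↦ true. Everything named in it (the type ASTs, UNIVERSE, is_parametric, instances_agree, rotate) is an assumption of the example; Bool is taken as a base type whose relation Bool* is the identity on the two booleans rather than the paper's Church encoding, and a check over a finite universe of carriers can only refute parametricity, never establish it.

```python
"""Finite-model check of Reynolds's condition (iii): an element of type A is
related to itself by A*.  Added example; all names below are assumptions."""
from itertools import product

BOOL = frozenset({True, False})
# Constructed universe of carriers that bound relation variables range over.
# Checking over a finite universe is only a necessary condition (assumption):
# it refutes non-parametric candidates but cannot prove parametricity.
UNIVERSE = (frozenset({0}), frozenset({0, 1}))

# ---- relations between finite carriers: (domain, codomain, set of pairs) ----

def identity_rel(carrier):
    return (carrier, carrier, {(x, x) for x in carrier})

def graph_rel(dom, cod, fn):
    """Functional relation <fn>: the graph of a total function fn : dom -> cod."""
    return (dom, cod, {(x, fn(x)) for x in dom})

def all_rels(dom, cod):
    """Every relation between two carriers (2**(|dom|*|cod|) of them)."""
    cells = list(product(sorted(dom, key=repr), sorted(cod, key=repr)))
    for bits in product((False, True), repeat=len(cells)):
        yield (dom, cod, {c for c, keep in zip(cells, bits) if keep})

# ---- types: ('bool',) | ('var', X) | ('arrow', A, B) | ('forall', X, B) ----
# Values: booleans, carrier elements, dicts (graphs of functions on a carrier),
# and, for a forall type, a callable from a carrier to the instance at it.

def rel_pairs(ty, env):
    """The pairs of the relation denoted by a first-order type (var or bool)."""
    if ty[0] == 'bool':
        return identity_rel(BOOL)[2]
    if ty[0] == 'var':
        return env[ty[1]][2]
    raise NotImplementedError("higher-order domains are not enumerated here")

def related(ty, env, u, v):
    """Does the relation ty* (relation variables bound by env) relate u and v?"""
    kind = ty[0]
    if kind == 'bool':
        return u == v                                  # Bool* is the identity
    if kind == 'var':
        return (u, v) in env[ty[1]][2]
    if kind == 'arrow':                                # R -> S, as for pers
        return all(related(ty[2], env, u[x], v[y])
                   for (x, y) in rel_pairs(ty[1], env))
    if kind == 'forall':                               # all carriers, all relations
        return all(related(ty[2], {**env, ty[1]: r}, u(a), v(b))
                   for a in UNIVERSE for b in UNIVERSE for r in all_rels(a, b))
    raise ValueError(ty)

def is_parametric(ty, value):
    """Reynolds's condition: value is related to itself by ty*."""
    return related(ty, {}, value, value)

# ---- the examples of section 1.1 --------------------------------------------

X_TO_BOOL = ('forall', 'X', ('arrow', ('var', 'X'), ('bool',)))
X_TO_X = ('forall', 'X', ('arrow', ('var', 'X'), ('var', 'X')))

def const_true(carrier):        # parametric: ignores the carrier entirely
    return {x: True for x in carrier}

def zero_p(carrier):            # the paper's zero-p: inspects the values
    return {x: x == 0 for x in carrier}

def identity(carrier):
    return {x: x for x in carrier}

def rotate(carrier):            # sends each element to the next one: not parametric
    xs = sorted(carrier)
    return {x: xs[(i + 1) % len(xs)] for i, x in enumerate(xs)}

def instances_agree(f, carrier):
    """The proof step of section 1.1: relate f(carrier) to f(Bool) through the
    graph S of a |-> true, so f(carrier)(a) must equal the fixed f(Bool)(true)."""
    s = graph_rel(carrier, BOOL, lambda a: True)
    return related(('arrow', ('var', 'S'), ('bool',)), {'S': s}, f(carrier), f(BOOL))

if __name__ == "__main__":
    for name, f in (("const_true", const_true), ("zero_p", zero_p)):
        print(name, is_parametric(X_TO_BOOL, f), instances_agree(f, frozenset({0, 1})))
    for name, f in (("identity", identity), ("rotate", rotate)):
        print(name, is_parametric(X_TO_X, f))
```

The refutation of zero-p needs only one carrier pair and one relation (say {0} and {0,1} related by {(0,1)}): its instances send the related inputs to different booleans. The same enumeration, with X_TO_X, accepts the identity and rejects rotate, which is the "theorem for free" for ∀(X)X→X mentioned at the start of this section.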

1.2 Formalizing parametricity 

Reynolds's relational approach to parametricity lends itself to a syntactic treatment. System ℛ provides such a treatment, based on judgments and rules in the style of those of F.

Three judgments generalize those of system F (described in the appendix):

    ⊢ E                        E is a legal environment

    E ⊢ A ℛ B                  ℛ is a relation between types A and B in E

    E ⊢ (a : A) ℛ (b : B)      ℛ relates a of type A and b of type B in E

An equality relation on values is not needed. Instead of writing that b and c are equal in A, we can promote the type A to a relation A* (between A and A; intuitively, the identity relation) and write that A* relates b and c. As a consequence we write:

    E ⊢ (b : A) A* (c : A)     corresponding to the F judgment  E ⊢ b = c : A

The environments of ℛ contain two sorts of assumptions, directly inspired by the corresponding ones for F environments:

    X 𝒲 Y                𝒲 is a relation variable between type variables X (domain) and Y (codomain)

    (x : A) ℛ (y : B)    the variables x and y have types A and B, respectively, and are related by ℛ
Using these judgments, we now review some of the central rules of ℛ. We start with rules that imitate those of F for → and ∀.

The introduction and elimination rules for → are, respectively:

    E, (x:A) ℛ (x':A') ⊢ (b:B) 𝒮 (b':B')      E ⊢ B 𝒮 B'
    ───────────────────────────────────────────────────────
    E ⊢ (λ(x:A)b : A→B)  ℛ→𝒮  (λ(x':A')b' : A'→B')

    E ⊢ (b : A→B)  ℛ→𝒮  (b' : A'→B')      E ⊢ (a:A) ℛ (a':A')
    ───────────────────────────────────────────────────────────
    E ⊢ (b(a) : B)  𝒮  (b'(a') : B')

These rules follow the same pattern as the F rules:

    E, x:A ⊢ b : B                 E ⊢ b : A→B      E ⊢ a : A
    ─────────────────────          ─────────────────────────────
    E ⊢ λ(x:A)b : A→B              E ⊢ b(a) : B

The introduction rule says: Assume that if ℛ relates x of type A and x' of type A', then 𝒮 relates b of type B and b' of type B'. Then ℛ→𝒮, a relation between A→B and A'→B', relates the functions λ(x:A)b of type A→B and λ(x':A')b' of type A'→B'. An extra hypothesis that 𝒮 relates B and B' is added to simplify our technical lemmas. The elimination rule works in the opposite direction, applying related functions to related arguments and obtaining related results.

The introduction and elimination rules for ∀ are:

    E, X 𝒲 X' ⊢ (b:B) 𝒮 (b':B')
    ───────────────────────────────────────────────────────
    E ⊢ (Λ(X)b : ∀(X)B)  ∀(𝒲)𝒮  (Λ(X')b' : ∀(X')B')

    E ⊢ (b : ∀(X)B)  ∀(𝒲)𝒮  (b' : ∀(X')B')      E ⊢ C 𝒯 C'
    ───────────────────────────────────────────────────────────
    E ⊢ (b(C) : B{X←C})  𝒮{𝒲←𝒯}  (b'(C') : B'{X'←C'})

These rules follow the same pattern as the F rules:

    E, X ⊢ b : B                   E ⊢ b : ∀(X)B      E ⊢ C
    ─────────────────────          ───────────────────────────
    E ⊢ Λ(X)b : ∀(X)B              E ⊢ b(C) : B{X←C}

The introduction rule says: Assume that if 𝒲 is a relation between types X and X', then 𝒮 relates b of type B and b' of type B'. Then ∀(𝒲)𝒮, a relation between ∀(X)B and ∀(X')B', relates the polymorphic terms Λ(X)b of type ∀(X)B and Λ(X')b' of type ∀(X')B'. Again, the elimination rule works in the opposite direction: it applies two related polymorphic terms to related types, obtaining related instances.

The system has three rules for variables:

(Rel Val xℛy)
    ⊢ E', (x:A) ℛ (y:B), E''
    ─────────────────────────────────────────
    E', (x:A) ℛ (y:B), E'' ⊢ (x:A) ℛ (y:B)

(Rel Val ℛx)
    ⊢ E', (x:A) ℛ (y:B), E''
    ─────────────────────────────────────────
    E', (x:A) ℛ (y:B), E'' ⊢ (x:A) A* (x:A)

(Rel Val ℛy)
    ⊢ E', (x:A) ℛ (y:B), E''
    ─────────────────────────────────────────
    E', (x:A) ℛ (y:B), E'' ⊢ (y:B) B* (y:B)

The first rule is straightforward. The other two formalize our parametricity condition. For our example of section 1.1, these two rules imply that if a variable f has type ∀(X)X→Bool then f is related to itself by ∀(𝒲)(𝒲→Bool*). From here we can apply the elimination rules for ∀ and →, and obtain (iii). This kind of reasoning is common in our examples of section 3. (In [Abadi, Cardelli, Curien 1993], we had adopted a different formalization of parametricity; it turned out to be inconsistent, see the appendix.)

The preceding rules, together with the rules of β and η conversion, form the core of the fragment of ℛ that deals with relations built from variables, →, and quantifiers. This basic system, called ℛ⁰, is sufficient to encode F:

    if F proves E ⊢ a : A then ℛ⁰ proves E ⊢ (a : A) A* (a : A)

This is a syntactic version of Reynolds's identity extension property. For closed terms, it can be proved without appeal to parametricity, that is, without using (Rel Val ℛx) or (Rel Val ℛy). We also obtain all F equalities:

    if F proves E ⊢ a = a' : A then ℛ⁰ proves E ⊢ (a : A) A* (a' : A)

But ℛ⁰ is not very powerful without some additional methods for constructing relations. In fact, under the encoding just suggested, ℛ⁰ is a conservative extension of F.

Until now, the relational constructions have followed closely the ordinary type constructions. In addition we allow relations defined from functions, obtaining a system called ℛ¹:

    E ⊢ b : A→B      E ⊢ a : A
    ──────────────────────────────
    E ⊢ (a : A) ⟨b⟩ (b(a) : B)

    E ⊢ b : A→B      E ⊢ (a : A) ⟨b⟩ (c : B)
    ─────────────────────────────────────────
    E ⊢ (b(a) : B) B* (c : B)

where E ⊢ a : A is an abbreviation for E ⊢ (a : A) A* (a : A) (and similarly for b).

With these rules, terms can be turned into relations: any function b from A to B can be seen as a relation ⟨b⟩ between A and B, intuitively the graph of the function. The rules for functional relations have no analogue in F. Our formalism yields the results typically associated with parametricity only when we include rules for constructing functional relations. Functional relations are often useful for obtaining free theorems; for the example of section 1.1, the relevant functional relation is a constant one, obtained from the function from A to Bool that maps any a in A to true.

One can easily imagine mechanisms for defining relations beyond taking the graphs of functions. We 
have not yet found examples where these mechanisms are needed. 

1.3 Related work 

By now there are many papers on semantic aspects of parametricity ([Bainbridge, et al. 1990; 
Hasegawa 1991; Ma, Reynolds 1991; Hasegawa 1992; Mitchell, Scedrov 1992], and others). On the other 
hand, the syntactic study of parametricity is rather new. Some recent work is related to ours. 

Mairson advocated and developed a syntactic approach to parametricity in order to provide careful formal versions of some of Wadler's theorems [Mairson 1991]. Mairson's approach consists in translating a polymorphic language into a second-order logic. Because the second-order logic used is fairly weak, induction arguments become necessary in some of the proofs; our proofs, like Wadler's, do not rely on induction. Mairson treated a system with implicit typing; this stands in contrast with our approach where types and relations are treated explicitly. The resulting formalisms have very different properties.

Cardelli et al. have defined F<:, an extension of F with subtyping [Cardelli, et al. 1991]. Curiously, the rules for F<: capture some aspects of parametricity, but they do not provide a full account of it.

Ma suggested another syntactic approach to parametricity [Ma 1992] . It is based on encoding relations 
using subtyping. The power of Ma's system seems to be less understood; there is also some difficulty in 
finding a model for all the desired subtyping rules. 
Longo, Milsted, and Soloviev investigated parametricity in a system like F with just one new rule (a special case of one of the rules of F<:) [Longo, Milstead, Soloviev 1993]. The system is weaker than ℛ and leads to different sorts of results.

Finally, Plotkin and Abadi explore an alternative formalization of parametricity closer in spirit to Mairson's [Plotkin, Abadi 1993]. That paper describes a second-order logic with an axiom of parametricity; the logic is not an extension of system F, like ℛ, but rather a logic about system F terms.

2. Formal parametricity 

In this section we describe our formalization of parametricity. We aim at a hypothetical system that would be sufficient to prove all the desired parametricity properties of polymorphic programs. Our current approximations are called ℛ⁰ and ℛ¹; they are treated in sections 2.1 and 2.2 respectively.

The system ℛ⁰ is a rather weak system of pure relations with relational constructions induced by the type constructions of F. A number of technical lemmas can be proved for ℛ⁰, and these lead to several interesting metatheorems. For example, a suitable encoding of F in ℛ⁰ yields all F typings and F equalities. In addition, ℛ⁰ is a conservative extension of F for typing and equality derivations. The abstraction theorem and the identity extension property hold in ℛ⁰, but they are not very useful (as the conservativity result indicates) without some additional means for constructing relations. Hence, we extend ℛ⁰ with functional relations, obtaining ℛ¹. Relation expressions become dependent on value expressions, and the syntactic properties of the system become slightly more complex. Fortunately, most metatheorems extend easily to ℛ¹ simply because ℛ⁰ derivations are also ℛ¹ derivations. As a typing system, ℛ¹ is still conservative over F, but new equations are provable.

Unless otherwise indicated, the proofs of this section are structural inductions on derivations. The 
proofs are long but not difficult, if carried out in the order of presentation of the claims. We point out the 
crucial dependencies. 

2.1 Relational interpretation of system F (system ℛ⁰)

We use ⊢_F for derivations in F, and ⊢_ℛ⁰ (or simply ⊢ in this section) for derivations in ℛ⁰. Our formalization of system F is listed in the appendix; note the explicit form of the equality judgments (E ⊢ a = b : A), which include type and environment information. The complete rules for system ℛ⁰ are also listed in the appendix.

In section 2.1.1 we establish the most basic metaproperties of system ℛ⁰. In section 2.1.2 we relate typing in F with typing in ℛ⁰. In section 2.1.3 we state more structural lemmas for ℛ⁰. In section 2.1.4 we show the soundness and completeness of F equality in ℛ⁰, that is, we show that F and ℛ⁰ prove the same equations. The main result of the section is theorem (Partial relational interpretation of F), which is split across sections 2.1.2 and 2.1.4. Remarkably, this theorem yields as corollaries both the abstraction theorem and the identity extension property.

2.1.1 Basic structural lemmas 

Notation 

• We write dom(E) for the domain of E, that is, the collection of all the variables introduced by an environment E.

• α-identifications. As usual, we identify terms up to renaming of bound variables. These identifications can be made directly in the syntax, that is, without knowing whether the terms involved are the product of formal derivations in the system. Environments, however, are not identified up to renaming of variables in their domain; environment variables are kept distinct by construction. A more formal approach would use de Bruijn indices for free and bound variables [de Bruijn 1972].
• We use the following metavariables: x, y, z range over value variables; X, Y, Z range over type variables; 𝒲, 𝒳 range over relation variables; a, b, c, d range over value terms; A, B, C, D range over type terms; ℛ, 𝒮, 𝒯, 𝒰 range over relation terms; E ranges over environments.

• We write ∅ for the empty environment; we often omit this symbol.

• We use 𝒥 to stand for either A ℛ B or (a : A) ℛ (b : B), the body of a judgment E ⊢ 𝒥.

• By 𝒥{ξ ← τ} we indicate the substitution of τ for ξ in every component of 𝒥, where ξ can be one of x, X, 𝒲 and τ can be one of a, A, ℛ. Similarly, E{ξ ← τ}, with ξ ∉ dom(E), indicates a substitution in every component of the environment E. Note though that 𝒥{X ← ℛ} may not be well-formed if 𝒥 contains value terms.

• By 𝒥{ξ₁ ← τ₁, ξ₂ ← τ₂}, where ξ₁, ξ₂ are distinct, we indicate simultaneous substitutions performed as above (and similarly for an environment E in place of 𝒥, with ξ₁, ξ₂ ∉ dom(E)).

• For a type A, the relation A* is defined inductively as follows:

    X* = 𝒳

    (A→B)* = A*→B*

    (∀(X)B)* = ∀(𝒲)(B*{𝒳 ← 𝒲})

• We use the following abbreviations in order to embed F notation in ℛ:

    E ⊢ A             ≡  E ⊢ A A* A

    E ⊢ a : A         ≡  E ⊢ (a : A) A* (a : A)

    ⊢ E, X, E'        ≡  ⊢ E, X 𝒳 X', E'                     where 𝒳, X' are fresh
    E, X, E' ⊢ 𝒥      ≡  E, X 𝒳 X', E' ⊢ 𝒥

    ⊢ E, x : A, E'    ≡  ⊢ E, (x : A) A* (x' : A), E'         where x' is fresh
    E, x : A, E' ⊢ 𝒥  ≡  E, (x : A) A* (x' : A), E' ⊢ 𝒥

We start our study of ℛ⁰ with three basic structural lemmas:

Lemma (Renaming)

Assume x', y', X', Y', 𝒲' ∉ dom(E, E') ∪ {x, y, X, Y, 𝒲}. Then:

• ⊢ E, X 𝒲 Y, E'  ⟹  ⊢ E, X' 𝒲' Y', E'{X ← X', Y ← Y', 𝒲 ← 𝒲'}

• E, X 𝒲 Y, E' ⊢ 𝒥  ⟹  E, X' 𝒲' Y', E'{X ← X', Y ← Y', 𝒲 ← 𝒲'} ⊢ 𝒥{X ← X', Y ← Y', 𝒲 ← 𝒲'}

• ⊢ E, (x : A) ℛ (y : B), E'  ⟹  ⊢ E, (x' : A) ℛ (y' : B), E'{x ← x', y ← y'}

• E, (x : A) ℛ (y : B), E' ⊢ 𝒥  ⟹  E, (x' : A) ℛ (y' : B), E'{x ← x', y ← y'} ⊢ 𝒥{x ← x', y ← y'}

Moreover, the derivations of the conclusions can have the same size as the derivations of the assumptions.
Lemma (Implied judgments)

(1) • ⊢ E, E'  ⟹  ⊢ E        • E, E' ⊢ 𝒥  ⟹  ⊢ E

(2) • ⊢ E, X 𝒲 Y, E'  ⟹  X, Y, 𝒲 ∉ dom(E, E'), and X, Y, 𝒲 are distinct

    • ⊢ E, (x : A) ℛ (y : B), E'  ⟹  E ⊢ A ℛ B, x, y ∉ dom(E, E'), and x, y are distinct
y : B B 



Lemma (Weakening)

Assume ⊢ E, E'' and dom(E'') ∩ dom(E') = ∅. Then:

• ⊢ E, E'  ⟹  ⊢ E, E'', E'

• E, E' ⊢ 𝒥  ⟹  E, E'', E' ⊢ 𝒥



2.1.2 From F to ℛ⁰ and from ℛ⁰ to F (typing)

First, we show the conservativity of ℛ⁰ over F for typing. We need a definition for flattening an ℛ⁰ environment E into an F environment (E)_F. The relation part of E is forgotten in (E)_F:



Definition (Environment flattening)

    (∅)_F = ∅

    (E, X 𝒲 Y)_F = (E)_F, X, Y

    (E, (x : A) ℛ (y : B))_F = (E)_F, x : A, y : B



Theorem (Flattened F derivations from ℛ⁰ derivations) or (Conservativity over F for typing)

(1) ⊢ E  ⟹  ⊢_F (E)_F

(2) E ⊢ A ℛ B  ⟹  (E)_F ⊢_F A  ∧  (E)_F ⊢_F B

(3) E ⊢ (a : A) ℛ (b : B)  ⟹  (E)_F ⊢_F a : A  ∧  (E)_F ⊢_F b : B

Conversely, there are several possible encodings of F in ℛ⁰. To each type variable X, we associate a fresh type variable X₁, and a fresh relation variable 𝒳 between X and X₁. We proceed similarly for value variables; for example, to each x of type A we may associate a fresh x₁ of type A related to x by A*. This enables us to map F environments to ℛ⁰ environments. Then, for each use of a type variable X in an F judgment, there will be uses of X, 𝒳, or X₁ in a corresponding ℛ⁰ judgment. We have some freedom in choosing between X, 𝒳, and X₁. We have a similar freedom in the choice of value variables. We can use this freedom to provide several different encodings of F in ℛ⁰.

After some technical definitions, we present our most general encoding in theorem (Partial relational 
interpretation of F). We obtain two simpler encodings as corollaries. 

Definition (Decorating variables)

Let S be a set of type and value variable names. The translation [·]ₙ^S decorates with a numerical subscript n every variable not belonging to S but occurring free in an expression. For example:

    [λ(x : ∀(Y)X→Y) y(z)]₁^{y} = λ(x : ∀(Y)X₁→Y) y(z₁)

We assume that variable decorations are always chosen so as not to introduce variable clashes.

Definition (Types as relations)

Let S be a set of type and value variables. The translation [A]^S is defined as follows:

    [X]^S = X*                          (X ∈ S)

    [X]^S = 𝒳                           (X ∉ S; 𝒳 is the fresh relation variable between X and X₁)

    [A→B]^S = [A]^S → [B]^S

    [∀(X)B]^S = ∀(𝒲)([B]^(S∪{X}){𝒳 ← 𝒲})

Thus, the translation transforms type quantifiers into relation quantifiers, and free type variables not belonging to S into free relation variables. In particular, if E ⊢ A and S = dom(E), then [A]^S is A*.

Definition (Environment decoration)

Let S be a set of type and value variables and let E be an F environment. The translation [E]^S is defined as follows:

    [∅]^S = ∅

    [E, X]^S = [E]^S, X 𝒳 X₁

    [E, x : A]^S = [E]^S, (x : A) [A]^S (x₁ : [A]₁^S)

Theorem (Partial relational interpretation of F)

(1) ⊢_F E, E'  ⟹  ⊢_ℛ⁰ E, [E']^dom(E)

(2) E, E' ⊢_F A  ⟹  E, [E']^dom(E) ⊢_ℛ⁰ A [A]^dom(E) [A]₁^dom(E)

(3) E, E' ⊢_F a : A  ⟹  E, [E']^dom(E) ⊢_ℛ⁰ (a : A) [A]^dom(E) ([a]₁^dom(E) : [A]₁^dom(E))

Note that the occurrences of E on the right of the implications are abbreviations for ℛ⁰ environments, as defined in section 2.1.1.

Proof 

The proof of this theorem (and of its continuation in section 2.1.4) is by induction on F derivations, for any division of environments into two parts, E and E'. In the proof of (3), the variable cases are settled using (Rel Val xℛy) for variables in dom(E'), and using (Rel Val ℛx) for variables in dom(E).
□

We emphasize the two special cases where E and E' are empty, respectively: 
Corollary (Relational interpretation of F)

(1) ⊢_F E'  ⟹  ⊢_ℛ⁰ [E']^∅

(2) E' ⊢_F A  ⟹  [E']^∅ ⊢_ℛ⁰ A [A]^∅ [A]₁^∅

(3) E' ⊢_F a : A  ⟹  [E']^∅ ⊢_ℛ⁰ (a : A) [A]^∅ ([a]₁^∅ : [A]₁^∅)

Part (3) of this corollary is a syntactic version of Reynolds's abstraction theorem. It can be proved directly, and its proof does not require the use of parametricity (that is, the use of the rules (Rel Val ℛx) and (Rel Val ℛy)).

Corollary (Soundness of F in ℛ⁰)

(1) ⊢_F E  ⟹  ⊢_ℛ⁰ E

(2) E ⊢_F A  ⟹  E ⊢_ℛ⁰ A

(3) E ⊢_F a : A  ⟹  E ⊢_ℛ⁰ a : A

Part (3) of this corollary is a syntactic version of Reynolds's identity extension property. We refer to it by that name in the sequel.

We close this section with another lemma about flattening. Its proof is very similar to that of the theo- 
rem (Partial relational interpretation of F). 

Lemma (ℛ⁰ derivations from flattened F derivations)

(1) ⊢ E  ∧  (E)_F ⊢_F A  ⟹  E ⊢ A

(2) ⊢ E  ∧  (E)_F ⊢_F a : A  ⟹  E ⊢ a : A

Proof

We prove the statements (1) and (2) as instances of the following more general statements, which are proved as the corresponding statements (1)-(3) of the theorem (Partial relational interpretation of F):

(1') ⊢ E  ∧  ⊢_F (E)_F, E'  ⟹  ⊢_ℛ⁰ E, [E']^dom(E)

(2') ⊢ E  ∧  (E)_F, E' ⊢_F A  ⟹  E, [E']^dom(E) ⊢_ℛ⁰ A [A]^dom(E) [A]₁^dom(E)

(3') ⊢ E  ∧  (E)_F, E' ⊢_F a : A  ⟹  E, [E']^dom(E) ⊢_ℛ⁰ (a : A) [A]^dom(E) ([a]₁^dom(E) : [A]₁^dom(E))

□

Before extending some of these results to equality judgments (in section 2.1.4), we complete our collection of structural properties of ℛ⁰.
2.1.3 Structural lemmas (continued)

Lemma (Rel Id)

    E ⊢ A ℛ B  ⟹  E ⊢ A  ∧  E ⊢ B

Proof

From E ⊢ A ℛ B we derive (E)_F ⊢_F A and (E)_F ⊢_F B by theorem (Flattened F derivations from ℛ⁰ derivations), and conclude by lemma (ℛ⁰ derivations from flattened F derivations).
□

Lemma (Type substitution)

Assume E ⊢ C 𝒰 D. Then:



Proof

We mention only that the case (Rel 𝒲) requires lemma (Weakening), and that the case (Rel ∀𝒲) requires lemma (Rel Id) in addition.

□

With similar proofs, we obtain: 



Lemma (Rel Val Refl)

    E ⊢ (a : A) ℛ (b : B)  ⟹  E ⊢ a : A  ∧  E ⊢ b : B



Lemma (Value substitution)

(1) ⊢ E, (z : D) 𝒰 (z' : D'), E'  ⟹  ⊢ E, E'

(2) E, (z : D) 𝒰 (z' : D'), E' ⊢ A ℛ B  ⟹  E, E' ⊢ A ℛ B

(3) E ⊢ (d : D) 𝒰 (d' : D')  ∧  E, (z : D) 𝒰 (z' : D'), E' ⊢ (a : A) ℛ (b : B)
    ⟹  E, E' ⊢ (a{z ← d} : A) ℛ (b{z' ← d'} : B)







Lemma (Implied judgments)

(3) E ⊢ (a : A) ℛ (b : B)  ⟹  E ⊢ A ℛ B

We conclude with some derived rules that generalize the ℛ⁰ rules for β and η equivalence.

Lemma (Generalized beta/eta)

(Gen Beta)
    E, (x:A) ℛ (x':A') ⊢ (b:B) 𝒮 (b':B')      E ⊢ (a:A) ℛ (a':A')      x ∉ b', 𝒮
    ───────────────────────────────────────────────────────────────────────────────
    E ⊢ ((λ(x:A)b)(a) : B)  𝒮  (b'{x'←a'} : B')
    E ⊢ (b{x←a} : B)  𝒮  ((λ(x':A')b')(a') : B')

(Gen Beta2)
    E, X 𝒲 X' ⊢ (b:B) 𝒮 (b':B')      E ⊢ C 𝒯 C'      X ∉ b', 𝒮
    ─────────────────────────────────────────────────────────────────────────
    E ⊢ ((Λ(X)b)(C) : B{X←C})  𝒮{𝒲←𝒯}  (b'{X'←C'} : B'{X'←C'})
    E ⊢ (b{X←C} : B{X←C})  𝒮{𝒲←𝒯}  ((Λ(X')b')(C') : B'{X'←C'})

(Gen Eta)
    E ⊢ (b : A→B)  ℛ→𝒮  (b' : A'→B')      x, x' ∉ dom(E)
    ─────────────────────────────────────────────────────────
    E ⊢ (λ(x:A)b(x) : A→B)  ℛ→𝒮  (b' : A'→B')
    E ⊢ (b : A→B)  ℛ→𝒮  (λ(x':A')b'(x') : A'→B')

(Gen Eta2)
    E ⊢ (b : ∀(X)B)  ∀(𝒲)𝒮  (b' : ∀(X')B')      X, X' ∉ dom(E)
    ─────────────────────────────────────────────────────────────
    E ⊢ (Λ(X)b(X) : ∀(X)B)  ∀(𝒲)𝒮  (b' : ∀(X')B')
    E ⊢ (b : ∀(X)B)  ∀(𝒲)𝒮  (Λ(X')b'(X') : ∀(X')B')



2.1.4 From F to ℛ⁰ and from ℛ⁰ to F (continued)

In this section, we complete the material of section 2.1.2 by showing that the same equalities can be derived in F and in ℛ⁰. We begin by extending the theorem (Partial relational interpretation of F) to equalities.

Lemma (Environment redecoration)

Let ⊢_F E, E'. If E, E' ⊢_ℛ⁰ 𝒥 and no variables from the middle or bottom of E, E' occur free in 𝒥, then

    E, [E']^dom(E) ⊢_ℛ⁰ 𝒥.

Proof

Let 𝒥̃ denote the renaming of all the variables X and x in dom(E') with fresh X̃ and x̃, and let Ẽ' be the corresponding renaming of E'. Then E, Ẽ' ⊢_ℛ⁰ 𝒥̃, and by weakening E, [E']^dom(E), Ẽ' ⊢_ℛ⁰ 𝒥̃. Moreover, for every Xⱼ in E' we have E, [E']^dom(E) ⊢_ℛ⁰ Xⱼ by (Rel 𝒲X), and for every xⱼ : Aⱼ in E' we have E, [E']^dom(E) ⊢_ℛ⁰ xⱼ : Aⱼ by (Rel Val ℛx).

By repeated applications of (Type substitution) and (Value substitution) to E, [E']^dom(E), Ẽ' ⊢_ℛ⁰ 𝒥̃, eliminating the variables of Ẽ' from left to right, we obtain:

    E, [E']^dom(E) ⊢_ℛ⁰ 𝒥̃{ X̃ⱼ ← Xⱼ,
                          x̃ⱼ ← xⱼ,
                          𝒳̃ⱼ ← 𝒳ⱼ,
                          X̃'ⱼ ← Xⱼ₁,
                          x̃'ⱼ ← xⱼ₁ }

The bottom three sets of substitutions are vacuous by assumption. The top two sets of substitutions transform 𝒥̃ back into 𝒥.

□

Theorem (Partial relational interpretation of F)

(4) E, E' ⊢^F a = b : A  ⇒
    E, [E']^dom(E) ⊢^ℛ⁰ (a : A) [A]^dom(E) ([b]^dom(E) : [A]^dom(E))   and
    E, [E']^dom(E) ⊢^ℛ⁰ (b : A) [A]^dom(E) ([a]^dom(E) : [A]^dom(E))

Proof

The cases (Val Beta), (Val Beta2), (Val Eta), and (Val Eta2) are solved with the (Generalized beta/eta) lemma. We detail the case (Val Eq Trans). If E, E' ⊢^F a = b : A and E, E' ⊢^F b = c : A, then, applying (4) to

    E, E' ⊢^F a = b : A with the splitting (E,E'),(∅) of E,E', and to

    E, E' ⊢^F b = c : A with the splitting (E),(E'),

we get:

    E, E', [∅]^dom(E,E') ⊢^ℛ⁰ (a : A) [A]^dom(E,E') ([b]^dom(E,E') : [A]^dom(E,E'))

and

    E, [E']^dom(E) ⊢^ℛ⁰ (b : A) [A]^dom(E) ([c]^dom(E) : [A]^dom(E))

The former can be written more simply E, E' ⊢^ℛ⁰ (a : A) A* (b : A), so, by lemma (Environment redecoration), E, [E']^dom(E) ⊢^ℛ⁰ (a : A) A* (b : A). The conclusion

    E, [E']^dom(E) ⊢^ℛ⁰ (a : A) [A]^dom(E) ([c]^dom(E) : [A]^dom(E))

follows by (Rel Val Saturation Lft). The other judgment, relating c and [a]^dom(E), is proved similarly. □

Again, we obtain two interesting special cases:

Corollary (Relational interpretation of F)

(4) E' ⊢^F a = b : A  ⇒
    [E']^∅ ⊢^ℛ⁰ (a : A) [A]^∅ ([b]^∅ : [A]^∅)   and   [E']^∅ ⊢^ℛ⁰ (b : A) [A]^∅ ([a]^∅ : [A]^∅)

Corollary (Soundness of F in ℛ⁰)

(4) E ⊢^F a = b : A  ⇒  E ⊢^ℛ⁰ (a : A) A* (b : A)

The final theorem about ℛ⁰ is a conservativity result; it states that if two terms are related in ℛ⁰ by a type, then they are provably equal in F modulo renamings of free variables. Some definitions are needed to express the necessary renamings:

Definition (E_⊤, E_⊥)

E_⊤ is the F environment built from the top part of the ℛ⁰ environment E. Note that ⊢^ℛ⁰ E implies ⊢^F E_⊤.

    ∅_⊤ = ∅
    (E, X 𝒲 Y)_⊤ = E_⊤, X
    (E, (x : A) ℛ (y : B))_⊤ = E_⊤, x : A

E_⊥ is defined symmetrically from the bottom part of E.

Definition ({E_⇑}, {E_⇓})

{E_⇑} is the substitution that replaces Y by X for each X 𝒲 Y in E, and replaces y by x for each (x : A) ℛ (y : B) in E. {E_⇓} is defined symmetrically.

Theorem (Conservativity over F for equality in ℛ⁰)

    ⊢^ℛ⁰ E  ⇒  ⊢^F E_⊤{E_⇑}  and  ⊢^F E_⊥{E_⇓}

    E ⊢^ℛ⁰ ℛ : A ↔ B  ⇒  E_⊤{E_⇑} ⊢^F A{E_⇑}  and  E_⊥{E_⇓} ⊢^F B{E_⇓}

    E ⊢^ℛ⁰ (a : A) A* (b : A)  ⇒  E_⊤{E_⇑} ⊢^F (a = b : A){E_⇑}  and  E_⊥{E_⇓} ⊢^F (a = b : A){E_⇓}

For example, here is an instance of the third implication of the theorem:

    X 𝒲 Y, (x : X) 𝒲 (y : X) ⊢^ℛ⁰ (x : X) 𝒲 (y : X)  ⇒
        (X, x : X){Y ← X, y ← x} ⊢^F (x = y : X){Y ← X, y ← x}   and
        (Y, y : X){X ← Y, x ← y} ⊢^F (x = y : X){X ← Y, x ← y}

that is:

    X 𝒲 Y, (x : X) 𝒲 (y : X) ⊢^ℛ⁰ (x : X) 𝒲 (y : X)  ⇒  X, x : X ⊢^F x = x : X   and   Y, y : Y ⊢^F y = y : Y

2.2 Functional relations (system ℛ)

In this section we use ⊢^ℛ (or simply ⊢) for derivations in ℛ. The complete rules for system ℛ are listed in the appendix. Since the rules of ℛ⁰ are included in ℛ we have:

Lemma (Transfer)

For every ℛ⁰ derivation there exists an ℛ derivation which has the same size and shape and the same conclusion.

The following results from section 2.1 extend to ℛ by uniformly replacing ℛ⁰ derivations by ℛ derivations in the statements: (Renaming), (Weakening), (Flattened F derivations from ℛ⁰ derivations), (ℛ⁰ derivations from flattened F derivations), (Rel Id), (Type substitution), (Rel Val Refl), (Implied judgments), (Generalized beta/eta), (Partial relational interpretation of F), (Relational interpretation of F), and (Soundness of F in ℛ⁰). The ℛ proofs use either straightforward extensions of the ℛ⁰ inductions, or the (Transfer) lemma.

The value substitution lemma reads as follows in ℛ (functional relations mention terms, so the substitution now applies to the relation 𝒯 as well):

Lemma (Value substitution)

Assume E ⊢^ℛ (d : D) 𝒰 (d' : D'). Then:

(1) ⊢^ℛ E, (z : D) 𝒰 (z' : D'), E'  ⇒  ⊢^ℛ E, E'{z←d, z'←d'}

(2) E, (z : D) 𝒰 (z' : D'), E' ⊢^ℛ 𝒯 : A ↔ B  ⇒  E, E'{z←d, z'←d'} ⊢^ℛ 𝒯{z←d, z'←d'} : A ↔ B

(3) E, (z : D) 𝒰 (z' : D'), E' ⊢^ℛ (a : A) 𝒯 (b : B)  ⇒  E, E'{z←d, z'←d'} ⊢^ℛ (a{z←d, z'←d'} : A) 𝒯{z←d, z'←d'} (b{z←d, z'←d'} : B)

One of the conservativity results for ℛ⁰, (Conservativity over F for equality in ℛ⁰), does not extend to ℛ. Many examples of new equalities are shown in section 3. We close this section with a negative result:
We close this section with a negative result: 
Counterexample (to strengthening)

One might expect a strengthening lemma to hold, as it does in F. Such a lemma would claim that if E, x : A ⊢ J is provable and x does not occur in J, then E ⊢ J is provable as well. As in calculi with empty types [Meyer, et al. 1990], this lemma fails in ℛ.

As an example we show that x : ∀(X)X ⊢ (true : Bool) Bool* (false : Bool), but the consistency of ℛ disallows ⊢ (true : Bool) Bool* (false : Bool) (see section 4). This result can be attributed to the fact that ∀(X)X is provably initial, as stated in section 3.

We start by introducing a functional relation, proving that x : ∀(X)X ⊢ ⟨λ(y : Bool)true⟩ : Bool ↔ Bool. Furthermore we have

    x : ∀(X)X ⊢ (x(Bool) : Bool) ⟨λ(y : Bool)true⟩ (x(Bool) : Bool)

by (Rel Val ℛx) and (Rel Val Appl2), and eliminating the functional relation we obtain x : ∀(X)X ⊢ (true : Bool) Bool* (x(Bool) : Bool). Similarly, we derive x : ∀(X)X ⊢ (false : Bool) Bool* (x(Bool) : Bool). Finally, by (Rel Val Symm) and (Rel Val Saturation Lft), we obtain x : ∀(X)X ⊢ (true : Bool) Bool* (false : Bool).
3. Theorems for free, syntactically

In this section we illustrate the power of ℛ by carrying out formal proofs. The results given below apply to all terms, and not just to closed terms. In some cases, even the results for closed terms are somewhat difficult; Wadler's work [Wadler 1989] includes a few interesting semantic results that can be read as results about closed terms. In order to deal with open terms we do not use structural induction (like Mairson), but rather the rule (Rel Val ℛx) and the identity extension property (that is, part (3) of corollary (Soundness of F in ℛ), see section 2.1.2). Throughout the section, the η rules are used heavily.

We begin with two simple examples in the first two subsections. Then we develop some general technical tools in sections 3.3 through 3.5; the reader may prefer to skim these sections in the first pass. We formalize commuting squares of functions and the notion of extensional equality of relations. Furthermore, we show that covariant functors commute with functional relations. In section 3.6 we apply these tools to prove properties of the type of the map function. We also obtain a more substantial theorem about initial algebras in section 3.7: the F encoding of initial algebras for covariant functors is indeed initial. (Without parametricity assumptions, the encoding is only weakly initial.) Similarly, we treat the encoding of products and coproducts in section 3.8. In section 3.9, we briefly discuss some applications of initiality (mainly to properties of the type Nat). Finally, in section 3.10, we raise a conjecture that connects Reynolds's notion of parametricity with type erasures.

In many statements we make the superscripts explicit in ⊢^F and ⊢^ℛ, especially when a statement involves judgments of both systems. Superscripts are often omitted in proofs. A plain ⊢ stands for ⊢^ℛ. We use the abbreviations introduced in section 2 and summarized in the appendix.

3.1 A simple example

As a first example we generalize and formalize the reasoning of section 1 about the type ∀(X)X→Bool.

Proposition (Constant)

The type ∀(X)X→A (where X is not free in A) is isomorphic to A. That is, given E such that E ⊢^F A, there exist two terms i and j such that E ⊢^F i : (∀(X)X→A)→A, E ⊢^F j : A→(∀(X)X→A), and:

    E, u : A ⊢^ℛ (i(j(u)) : A) A* (u : A)

    E, t : ∀(X)X→A ⊢^ℛ (j(i(t)) : ∀(X)X→A) (∀(X)X→A)* (t : ∀(X)X→A)

where u and t are fresh.

Proof

First we observe that, by the soundness of F in ℛ, E ⊢^F A implies E ⊢ A, hence ⊢ E, u : A. Define:

    j = λ(u : A)λ(X)λ(x : X)u

For each u, j(u) is a polymorphic constant function. Pick a closed type B and a closed term b such that ⊢^F b : B (for example, B = ∀(X)X→X, b = λ(X)λ(x : X)x). By the soundness of F in ℛ and weakening, we have E, X, z : X ⊢ b : B. Now define:

    i = λ(t : ∀(X)X→A)t(B)(b)

Two applications of the β rule yield E, u : A ⊢ (i(j(u)) : A) A* (u : A).

The second result requires parametricity. We consider the constant function λ(z : X)b as a relation. We have E, X ⊢ ⟨λ(z : X)b⟩ : X ↔ B by (Rel FRel), hence

    E, t : ∀(X)X→A, X ⊢ (t(X) : X→A) ⟨λ(z : X)b⟩→A* (t(B) : B→A)

by (Rel Val ℛx) and (Rel Val Appl2). By functional-relation introduction (more precisely, by (Rel Val FRel Intro), (Rel Val Beta), and (Rel Val Saturation Rht)) we have E, X, x : X ⊢ (x : X) ⟨λ(z : X)b⟩ (b : B). By (Rel Val Appl) it follows that

    E, t : ∀(X)X→A, X 𝒲 X₁, (x : X) 𝒲 (x₁ : X₁) ⊢ (t(X)(x) : A) A* (t(B)(b) : A)

where we have partially expanded the environment abbreviations (the F entries X and x : X stand for pairs of related top and bottom variables). By the β rules, we can replace t(B)(b) with j(i(t))(X₁)(x₁). We obtain:

    E, t : ∀(X)X→A, X 𝒲 X₁, (x : X) 𝒲 (x₁ : X₁) ⊢ (t(X)(x) : A) A* (j(i(t))(X₁)(x₁) : A)

and the second conclusion follows by (Rel Val Fun), (Rel Val Eta), (Rel Val Fun2), and (Rel Val Eta2). □



3.2 ∀(X)X→X contains only the identity function

We show that all terms of type ∀(X)X→X are equal to the polymorphic identity function id = λ(X)λ(x : X)x, and hence that this type is terminal. For closed terms this result follows easily from strong normalization, but a strong-normalization argument does not extend to open terms.

Proposition (Terminal)

    E ⊢^F f : ∀(X)X→X  ⇒  E ⊢^ℛ (f : ∀(X)X→X) (∀(X)X→X)* (id : ∀(X)X→X)

Proof

By the theorem (Soundness of F in ℛ) and by the lemma (Value substitution), it suffices to prove:

    z : ∀(X)X→X ⊢ (z : ∀(X)X→X) (∀(X)X→X)* (id : ∀(X)X→X)

Using (Rel FRel) we obtain z : ∀(X)X→X, X, x : X ⊢ ⟨λ(g : ∀(X)X→X)x⟩ : (∀(X)X→X) ↔ X. Hence we derive:

    z : ∀(X)X→X, X, x : X ⊢ (z(∀(X)X→X) : (∀(X)X→X)→(∀(X)X→X)) ⟨λ(g : ∀(X)X→X)x⟩→⟨λ(g : ∀(X)X→X)x⟩ (z(X) : X→X)

by (Rel Val ℛx) and (Rel Val Appl2),

    z : ∀(X)X→X, X, x : X ⊢ (z : ∀(X)X→X) ⟨λ(g : ∀(X)X→X)x⟩ (x : X)

by (Rel Val FRel Intro), (Rel Val Beta), and (Rel Val Saturation Rht),

    z : ∀(X)X→X, X, x : X ⊢ (z(∀(X)X→X)(z) : ∀(X)X→X) ⟨λ(g : ∀(X)X→X)x⟩ (z(X)(x) : X)

by (Rel Val Appl), and

    z : ∀(X)X→X, X, x : X ⊢ (x : X) X* (z(X)(x) : X)

by (Rel Val FRel Elim). Furthermore, we have:

    z : ∀(X)X→X, X 𝒲 X₁, (x : X) 𝒲 (x₁ : X₁) ⊢ (z(X)(x) : X) 𝒲 (z(X₁)(x₁) : X₁)

by (Rel Val ℛx), (Rel 𝒲), (Rel Val Appl2), (Rel Val xℛy), and (Rel Val Appl); and by (Rel Val Saturation Lft) we derive:

    z : ∀(X)X→X, X 𝒲 X₁, (x : X) 𝒲 (x₁ : X₁) ⊢ (x : X) 𝒲 (z(X₁)(x₁) : X₁)

After using the β rules to equate x and id(X)(x), the conclusion follows as in proposition (Constant), with in addition an application of (Rel Val Symm). □
3.3 Commuting squares as assumptions

The following three subsections develop tools that serve to formulate and prove theorems about the type of map (section 3.6) and about initial algebras (section 3.7). We first formalize in ℛ the assumption that a square like the following commutes:

             t
    B  ----------->  A
    |                |
  k |                | h
    v                v
    B' ----------->  A'
             t'

Functional relations can be used to encode such an equational assumption. The commutation of the diagram above can be expressed by the requirement that ⟨k⟩→⟨h⟩ relates t and t'. This is formalized in the following lemma, where we use ";" to denote the (encoding of) composition, setting t;h = λ(x : B)h(t(x)).

Lemma (Commuting squares)

Suppose that E ⊢^F t : B→A, E ⊢^F t' : B'→A', E ⊢^F k : B→B', and E ⊢^F h : A→A'. Then

    E ⊢^ℛ (t;h : B→A') (B→A')* (k;t' : B→A')   if and only if   E ⊢^ℛ (t : B→A) ⟨k⟩→⟨h⟩ (t' : B'→A')

Proof

Let E ⊢ (t;h : B→A') (B→A')* (k;t' : B→A'). We claim:

    E, (x : B) ⟨k⟩ (x' : B') ⊢ (t(x) : A) ⟨h⟩ (t'(x') : A')

where x and x' are fresh. By (Rel Val Saturation Rht) we may decompose the claim into three parts, all of them easy to check:

    E, (x : B) ⟨k⟩ (x' : B') ⊢ (t(x) : A) ⟨h⟩ (h(t(x)) : A')
    E, (x : B) ⟨k⟩ (x' : B') ⊢ (h(t(x)) : A') A'* (t'(k(x)) : A')
    E, (x : B) ⟨k⟩ (x' : B') ⊢ (t'(k(x)) : A') A'* (t'(x') : A')

From the claim we derive:

    E ⊢ (λ(x : B)t(x) : B→A) ⟨k⟩→⟨h⟩ (λ(x' : B')t'(x') : B'→A')

and then by (Rel Val Eta), (Rel Val Saturation Lft), and (Rel Val Saturation Rht): E ⊢ (t : B→A) ⟨k⟩→⟨h⟩ (t' : B'→A').

Conversely, suppose E ⊢ (t : B→A) ⟨k⟩→⟨h⟩ (t' : B'→A'); then by weakening, (Rel Val xℛy), and (Rel Val Appl):

    E, (x : B) ⟨k⟩ (x' : B') ⊢ (t(x) : A) ⟨h⟩ (t'(x') : A')

Using E, (x : B) ⟨k⟩ (x' : B') ⊢ (t'(k(x)) : A') A'* (t'(x') : A') we have E, (x : B) ⟨k⟩ (x' : B') ⊢ (t(x) : A) ⟨h⟩ (t'(k(x)) : A') by (Rel Val Symm) and (Rel Val Saturation Rht), and by (Rel Val FRel Elim) we get:

    E, (x : B) ⟨k⟩ (x' : B') ⊢ (h(t(x)) : A') A'* (t'(k(x)) : A')

By weakening and renaming we also get:

    E, (x : B) B* (y : B), (x₁ : B) ⟨k⟩ (x₁' : B') ⊢ (h(t(x₁)) : A') A'* (t'(k(x₁)) : A')

Notice that E, (x : B) B* (y : B) ⊢ (x : B) ⟨k⟩ (k(x) : B'). We can use this to substitute into the judgment above, replacing x₁ with x and (vacuously) x₁' with k(x), obtaining:

    E, (x : B) B* (y : B) ⊢ (h(t(x)) : A') A'* (t'(k(x)) : A')

By assumption, we can equate x and y, to derive E, (x : B) B* (y : B) ⊢ (h(t(x)) : A') A'* (t'(k(y)) : A'). Finally we get E ⊢ (t;h : B→A') (B→A')* (k;t' : B→A') using (Rel Val Fun). □



3.4 Extensional equality

We define a notion of extensional equality between relations. This notion can be formally added to ℛ, or it can be left at the metalevel, as we do here. Intuitively, two relations are extensionally equal if they have the same graph, and they are extensionally inverses if the graph of one is the inverse of the graph of the other.

Definition (Extensional equality)

We say that ℛ and 𝒮 (both relations between A and B) are extensionally equal, and we write:

    E ⊢ ℛ =ₑ 𝒮 : A ↔ B

if E, (x : A) ℛ (y : B) ⊢ (x : A) 𝒮 (y : B) and E, (x : A) 𝒮 (y : B) ⊢ (x : A) ℛ (y : B).

We say that ℛ (a relation between A and B) and 𝒮 (a relation between B and A) are extensionally inverses, and we write:

    E ⊢ ℛ =ₑᵒᵖ 𝒮 : A ↔ B

if E, (x : A) ℛ (y : B) ⊢ (y : B) 𝒮 (x : A) and E, (y : B) 𝒮 (x : A) ⊢ (x : A) ℛ (y : B).

In both definitions we assume that x and y are fresh.

We state a few properties of extensional equality. The proofs of the first two lemmas are omitted.

Lemma (Transitivity of extensional equality)

    E ⊢ ℛ =ₑ ℛ' : A ↔ A',  E ⊢ ℛ' =ₑ ℛ'' : A ↔ A'  ⇒  E ⊢ ℛ =ₑ ℛ'' : A ↔ A'

Lemma (Extensional congruence)

    E ⊢ ℛ =ₑ ℛ' : A ↔ A',  E ⊢ 𝒮 =ₑ 𝒮' : B ↔ B'  ⇒  E ⊢ ℛ→𝒮 =ₑ ℛ'→𝒮' : A→B ↔ A'→B'

    E, X 𝒲 X' ⊢ 𝒯 =ₑ 𝒯' : A ↔ A'  ⇒  E ⊢ ∀(𝒲)𝒯 =ₑ ∀(𝒲)𝒯' : ∀(X)A ↔ ∀(X')A'      (X ∉ A', 𝒯' and X' ∉ A, 𝒯)

Lemma (Identity relations)

    E ⊢ A  ⇒  E ⊢ A* =ₑ ⟨λ(x : A)x⟩ : A ↔ A

Proof

In one direction, we have E, (x : A) A* (y : A) ⊢ (x : A) A* (y : A) by (Rel Val xℛy), and E, (x : A) A* (y : A) ⊢ (y : A) ⟨λ(x : A)x⟩ ((λ(x : A)x)y : A) by (Rel Val FRel Intro). Hence E, (x : A) A* (y : A) ⊢ (x : A) ⟨λ(x : A)x⟩ (y : A) follows by saturation, (Rel Val xℛy), and (Rel Val Beta).

For the converse direction we use (Rel Val xℛy) and (Rel Val FRel Elim) to obtain:

    E, (x : A) ⟨λ(x : A)x⟩ (y : A) ⊢ ((λ(x : A)x)x : A) A* (y : A)

hence, via (Rel Val Beta), we have E, (x : A) ⟨λ(x : A)x⟩ (y : A) ⊢ (x : A) A* (y : A). □

Lemma (Identity substitution)

    E, X, E' ⊢ A  ⇒  E, X, E' ⊢ A* =ₑ A*{X ← ⟨λ(x : X)x⟩} : A ↔ A

Proof

By induction on the structure of A, using lemmas (Identity relations) and (Extensional congruence). □

3.5 A commutation property

The third technical tool concerns covariant types. We say that a type A is covariant in X when X occurs only positively in A. For example, (X→Y)→X is covariant in X. Symmetrically, A is contravariant in X when X occurs only negatively in A (as Y in the type above). A type A depending on X (the other free variables being considered as fixed parameters) may be viewed as a map B ↦ A{X←B} from types to types. When A is covariant in X, it determines a (covariant) functor, which associates with any h : B→B' a term A{X←h} of type A{X←B}→A{X←B'}. When A is contravariant in X, it determines a contravariant functor, which associates with any h : B→B' a term A{X←h} of type A{X←B'}→A{X←B}. We use the following notation:

If E ⊢^F a : A'→A and E ⊢^F b : B→B', then a→b stands for:

    λ(x : A→B)λ(y' : A')b(x(a(y')))      which has type (A→B)→(A'→B')

If E, X ⊢^F a : B→B', then ∀(X)a stands for:

    λ(x : ∀(X)B)λ(X)a(x(X))      which has type (∀(X)B)→(∀(X)B')

Definition (Types as functors)

Suppose that E, X ⊢^F A, where A is covariant or contravariant in X, and consider the environment E, Y, Y', h : Y→Y'. We define A{X←h} as follows, by induction on A:

    X{X←h} = h
    Y{X←h} = λ(y : Y)y      (Y ≠ X)
    (A₁→A₂){X←h} = (A₁{X←h})→(A₂{X←h})
    (∀(Y)A₁){X←h} = ∀(Y)A₁{X←h}

The next lemmas state that the substitution just defined yields well-typed terms and preserves identities. We omit the proof of these lemmas, as well as the statement that A preserves compositions.

Lemma (Functor well-formedness)

If E, X ⊢^F A, where A is covariant in X, then, for Y, Y', and h fresh:

    E, Y, Y', h : Y→Y' ⊢^F A{X←h} : A{X←Y}→A{X←Y'}

If E, X ⊢^F A, where A is contravariant in X, then, for Y, Y', and h fresh:

    E, Y, Y', h : Y→Y' ⊢^F A{X←h} : A{X←Y'}→A{X←Y}

Lemma (Functors preserve identity)

If E, X ⊢^F A, where A is covariant or contravariant in X, then:

    E, X ⊢^F A{X←λ(x : X)x} = λ(z : A)z : A→A

Typically, in our proofs, we get relations of the form A*{X←⟨h⟩} from an application of (Rel Val Appl2), while ⟨A{X←h}⟩ may be needed. The following lemma says that covariant functors commute with functional relations, so A*{X←⟨h⟩} can be transformed into ⟨A{X←h}⟩.

Lemma (Commutation of ⟨-⟩)

Assume E, X ⊢^F A, where A is covariant in X; then, for Y, Y', and h fresh:

    E, Y, Y', h : Y→Y' ⊢^ℛ A*{X←⟨h⟩} =ₑ ⟨A{X←h}⟩ : A{X←Y} ↔ A{X←Y'}

Assume E, X ⊢^F A, where A is contravariant in X; then, for Y, Y', and h fresh:

    E, Y, Y', h : Y→Y' ⊢^ℛ A*{X←⟨h⟩} =ₑᵒᵖ ⟨A{X←h}⟩ : A{X←Y} ↔ A{X←Y'}

Proof

We prove the first claim only, using an idea due to Plotkin. The second one is proved similarly. By theorem (Partial relational interpretation of F), we derive from the first claim of lemma (Functor well-formedness):

    E, Y₁ 𝒥 Y₂, Y₁' 𝒥' Y₂', (h₁ : Y₁→Y₁') 𝒥→𝒥' (h₂ : Y₂→Y₂') ⊢ (A{X←h₁} : A{X←Y₁}→A{X←Y₁'}) A*{X←𝒥}→A*{X←𝒥'} (A{X←h₂} : A{X←Y₂}→A{X←Y₂'})

We use two different substitution instances of this judgment to establish the claim. First, by lemma (Commuting squares), and by weakening and value substitution, with ⟨h⟩ for 𝒥, Y'* (the identity relation on Y') for 𝒥', h for h₁, and λ(y' : Y')y' for h₂, we get:

    E, Y, Y', h : Y→Y' ⊢ (A{X←h} : A{X←Y}→A{X←Y'}) A*{X←⟨h⟩}→A*{X←Y'*} (A{X←λ(y' : Y')y'} : A{X←Y'}→A{X←Y'})

By lemma (Functors preserve identity) and the soundness of F equalities in ℛ we can replace A{X←λ(y' : Y')y'} with λ(z : A{X←Y'})z:

    E, Y, Y', h : Y→Y' ⊢ (A{X←h} : A{X←Y}→A{X←Y'}) A*{X←⟨h⟩}→A*{X←Y'*} (λ(z : A{X←Y'})z : A{X←Y'}→A{X←Y'})

By weakening, (Rel Val Appl), and (Rel Val Beta), we have:

    E, Y, Y', h : Y→Y', (x : A{X←Y}) A*{X←⟨h⟩} (x' : A{X←Y'}) ⊢ (A{X←h}(x) : A{X←Y'}) A*{X←Y'*} (x' : A{X←Y'})

and by functional-relation introduction:

    E, Y, Y', h : Y→Y', (x : A{X←Y}) A*{X←⟨h⟩} (x' : A{X←Y'}) ⊢ (x : A{X←Y}) ⟨A{X←h}⟩ (x' : A{X←Y'})

Our second substitution instance is with Y* for 𝒥, ⟨h⟩ for 𝒥', λ(y : Y)y for h₁, and h for h₂:

    E, Y, Y', h : Y→Y' ⊢ (A{X←λ(y : Y)y} : A{X←Y}→A{X←Y}) A*{X←Y*}→A*{X←⟨h⟩} (A{X←h} : A{X←Y}→A{X←Y'})

By a similar reasoning, and using (Rel Val ℛx), we get:

    E, Y, Y', h : Y→Y', (x : A{X←Y}) ⟨A{X←h}⟩ (x' : A{X←Y'}) ⊢ (x : A{X←Y}) A*{X←⟨h⟩} (A{X←h}(x) : A{X←Y'})

Then the second half of the claim follows by (Rel Val xℛy), (Rel Val FRel Elim), and (Rel Val Saturation Rht):

    E, Y, Y', h : Y→Y', (x : A{X←Y}) ⟨A{X←h}⟩ (x' : A{X←Y'}) ⊢ (x : A{X←Y}) A*{X←⟨h⟩} (x' : A{X←Y'})

□



3.6 Properties of map

We first apply the technical tools developed in the last three subsections to the proof of two theorems about map. The statements of these theorems express interesting equations between polymorphic terms that can be interpreted as program transformations. The theorems have been proved semantically for closed terms by Wadler [Wadler 1989]. Mairson has also discussed the second of these theorems, and has argued for the need of structural induction (in his framework). As we have already stressed, our proofs are free of induction.

The F encoding of X-lists is

    List{X} = ∀(Y)Y→(X→Y→Y)→Y

Then List{X←h}, abbreviated as List{h} and read with the notation of section 3.5 as ∀(Y)Y→(h→Y→Y)→Y, is the encoding of the familiar map function of type ∀(X)∀(Y)(X→Y)→(List{X}→List{Y}), instantiated at B, B', and applied to h. Thus we have:

    List{h} = map(B)(B')(h)      (for h of type B→B')

One of Wadler's theorems says: take a term of type ∀(X)List{X}→List{X}, such as reverse, then the following square commutes:

                    reverse(B)
    List{B}  --------------------->  List{B}
       |                                |
 List{h}|                                | List{h}
       v                                v
    List{B'} --------------------->  List{B'}
                    reverse(B')

That is, one may indifferently apply map to a list, and then reverse it, or first reverse it, and then apply map to the reversed list. The property actually has nothing to do with reverse. It applies to any term of the type of reverse. The following proposition is a direct generalization of this example.

Proposition (Commutation for polymorphic functions)

Let A and A' be two types, such that E, X ⊢^F A, E, X ⊢^F A', and A, A' are covariant in X. Let E ⊢^F t : ∀(X)(A→A') and E ⊢^F h : B→B'. Then the following diagram commutes:

                      t(B)
    A{X←B}  -------------------->  A'{X←B}
       |                              |
 A{X←h}|                              | A'{X←h}
       v                              v
    A{X←B'} -------------------->  A'{X←B'}
                      t(B')

that is, formally:

    E ⊢^ℛ ((t(B) ; A'{X←h}) : A{X←B}→A'{X←B'}) (A{X←B}→A'{X←B'})* ((A{X←h} ; t(B')) : A{X←B}→A'{X←B'})

Proof

By lemma (Commuting squares) the claim can be restated as:

    E ⊢ (t(B) : A{X←B}→A'{X←B}) ⟨A{X←h}⟩→⟨A'{X←h}⟩ (t(B') : A{X←B'}→A'{X←B'})

After two applications of lemma (Commutation of ⟨-⟩), the claim is reformulated as:

    E ⊢ (t(B) : (A→A'){X←B}) (A→A')*{X←⟨h⟩} (t(B') : (A→A'){X←B'})

and follows by the identity extension property and (Rel Val Appl2). □

We now proceed to derive a second theorem about map. Wadler has proved that any term m of the type ∀(X)∀(Y)(X→Y)→(List{X}→List{Y}) of map is the composition (in either order) of map and of a rearrangement function, like reverse. The rearrangement function is retrieved from m by instantiating X and Y to a same type, say X, and then by applying m(X)(X) to the identity on X; the resulting term has type List{X}→List{X}.

Proposition (Map)

Let E stand for:

    m : ∀(X)∀(Y)(X→Y)→(List{X}→List{Y}), X, Y, f : X→Y

Then the following judgments are provable:

    E ⊢^ℛ (m(X)(Y)(f) : List{X}→List{Y}) (List{X}→List{Y})* ((m(X)(X)(λ(x : X)x) ; List{f}) : List{X}→List{Y})

    E ⊢^ℛ (m(X)(Y)(f) : List{X}→List{Y}) (List{X}→List{Y})* ((List{f} ; m(Y)(Y)(λ(y : Y)y)) : List{X}→List{Y})

Proof

Consider the following commuting square:

             g
    X  ----------->  Z
    |                |
  a |                | b
    v                v
    X' ----------->  Z'
             g'

Let

    E₁ = m : A, X, X', Z, Z', a : X→X', b : Z→Z', (g : X→Z) ⟨a⟩→⟨b⟩ (g' : X'→Z')

where A stands for ∀(X)∀(Y)(X→Y)→(List{X}→List{Y}). By (Rel FRel) we have E₁ ⊢ ⟨a⟩ : X ↔ X' and E₁ ⊢ ⟨b⟩ : Z ↔ Z'. Hence by (Rel Val ℛx), (Rel Val Appl2), and (Rel Val Appl):

    E₁ ⊢ (m(X)(Z)(g) : List{X}→List{Z}) List{⟨a⟩}→List{⟨b⟩} (m(X')(Z')(g') : List{X'}→List{Z'})

(where List{⟨a⟩} stands for (List{X})*{X←⟨a⟩}), and by lemma (Commutation of ⟨-⟩):

    E₁ ⊢ (m(X)(Z)(g) : List{X}→List{Z}) ⟨List{a}⟩→⟨List{b}⟩ (m(X')(Z')(g') : List{X'}→List{Z'})

In diagrammatic form, we have proved that if the square on the left commutes, so does the square on the right:

             g                                 m(X)(Z)(g)
    X  ----------->  Z             List{X}  ------------------>  List{Z}
    |                |                |                             |
  a |                | b       List{a}|                             | List{b}
    v                v                v                             v
    X' ----------->  Z'            List{X'} ------------------>  List{Z'}
             g'                                m(X')(Z')(g')

Consider now the following two substitution instances for X, X', Z, Z', a, b, g, and g': first X, Y, Y, Y, f, λ(y : Y)y, f, λ(y : Y)y (the square with top f, left side f, right side λ(y : Y)y, and bottom λ(y : Y)y), and second X, X, X, Y, λ(x : X)x, f, λ(x : X)x, f (the square with top λ(x : X)x, left side λ(x : X)x, right side f, and bottom f). Both squares commute trivially. The corresponding conclusion squares are:

                         m(X)(Y)(f)
    List{X}  ---------------------------->  List{Y}
       |                                       |
 List{f}|                                       | List{λ(y : Y)y}
       v                                       v
    List{Y}  ---------------------------->  List{Y}
                     m(Y)(Y)(λ(y : Y)y)

and

                     m(X)(X)(λ(x : X)x)
    List{X}  ---------------------------->  List{X}
       |                                       |
 List{λ(x : X)x}|                               | List{f}
       v                                       v
    List{X}  ---------------------------->  List{Y}
                         m(X)(Y)(f)

They yield the two judgments of the statement, using lemma (Functors preserve identity). □
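The square for reverse and Proposition (Map), checked on concrete lists. This is an added example and not code from the paper: it transcribes the F encoding List{X} = ∀(Y)Y→(X→Y→Y)→Y into TypeScript, with generic function types standing in for ∀, and the helper names (nil, cons, fromArray, toArray, reverse, weirdMap, mapFactorizations) and the sample list are this example's own. Equality on encoded lists is observed by converting them to arrays, which is the only way an element of the polymorphic type can be inspected.

```typescript
// Added example, not from the paper. The F encoding of X-lists,
//   List{X} = ∀(Y) Y → (X → Y → Y) → Y,
// with a TypeScript generic function type standing in for ∀(Y).
type List<X> = <Y>(nil: Y, cons: (x: X, acc: Y) => Y) => Y;

function nil<X>(): List<X> {
  return function <Y>(n: Y, _c: (x: X, acc: Y) => Y): Y { return n; };
}

function cons<X>(x: X, xs: List<X>): List<X> {
  return function <Y>(n: Y, c: (x: X, acc: Y) => Y): Y { return c(x, xs(n, c)); };
}

// List{h} = map(B)(B')(h): the functor action of List on h : B → B'.
// It only changes what the cons continuation receives, never the shape.
function map<B, B2>(h: (b: B) => B2): (xs: List<B>) => List<B2> {
  return (xs) =>
    function <Y>(n: Y, c: (y: B2, acc: Y) => Y): Y {
      return xs(n, (x, acc) => c(h(x), acc));
    };
}

// A term of type ∀(X) List{X} → List{X}: it rearranges but never inspects elements.
function reverse<X>(xs: List<X>): List<X> {
  return xs<(acc: List<X>) => List<X>>(
    (acc) => acc,
    (x, k) => (acc) => k(cons(x, acc)),
  )(nil<X>());
}

// Conversions to ordinary arrays (helpers of this example) so that encoded
// lists can be built from, and compared through, their observable contents.
function fromArray<X>(arr: readonly X[]): List<X> {
  return arr.reduceRight((acc: List<X>, x: X) => cons(x, acc), nil<X>());
}
function toArray<X>(xs: List<X>): X[] {
  return xs<X[]>([], (x, acc) => [x, ...acc]);
}

// Constructed sample input and a sample h : number → string.
const sample: List<number> = fromArray([1, 2, 3]);
const show = (n: number): string => `#${n}`;

// Wadler's square for reverse: reverse(B) ; List{h} versus List{h} ; reverse(B').
function reverseThenMap(): string[] { return toArray(map(show)(reverse(sample))); }
function mapThenReverse(): string[] { return toArray(reverse(map(show)(sample))); }

// Proposition (Map): any m of map's type ∀(X)∀(Y)(X → Y) → (List{X} → List{Y})
// equals m(X)(X)(id) ; List{f} and List{f} ; m(Y)(Y)(id).
type MapLike = <X, Y>(f: (x: X) => Y) => (xs: List<X>) => List<Y>;

// A "weird" inhabitant of map's type: it maps and also rearranges.
const weirdMap: MapLike = function <X, Y>(f: (x: X) => Y): (xs: List<X>) => List<Y> {
  return (xs) => reverse(map(f)(xs));
};

// Returns [m(f)(xs), (m(id) ; List{f})(xs), (List{f} ; m(id))(xs)] as arrays;
// the proposition says the three agree for every m of map's type.
function mapFactorizations<X, Y>(m: MapLike, f: (x: X) => Y, xs: List<X>): Y[][] {
  function id<Z>(z: Z): Z { return z; }
  return [
    toArray(m(f)(xs)),
    toArray(map(f)(m<X, X>(id)(xs))),
    toArray(m<Y, Y>(id)(map(f)(xs))),
  ];
}
```

On the sample list both paths around the reverse square give the same array, and for weirdMap all three factorizations of Proposition (Map) coincide; the same calls can be repeated with any other inhabitant of MapLike.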



3.7 Initial algebras

Given a type A covariant in X, an A-algebra is a pair of a type B and of a morphism t : A{X←B}→B. An A-algebra morphism from (B,t) to (B',t') is a term h : B→B' such that t;h = A{X←h};t'. An initial A-algebra is an A-algebra (T,in) such that for any other A-algebra (B,t) there exists exactly one A-algebra morphism from (T,in) to (B,t). The goal of this subsection is to show that, given A covariant in X, the type

    T = ∀(X)(A→X)→X

can be turned into an initial A-algebra. (See also [Wadler 1991].) Hence the initial algebras useful in programming (for example, that of natural numbers, see section 3.9) can be defined properly as polymorphic types. Böhm and Berarducci have used similar types to encode primitive recursion on (possibly heterogeneous) term algebras [Böhm, Berarducci 1985]. They obtain a completeness result that guarantees that the encoding of algebras is correct for closed terms.

We define:

    fold : ∀(X)(A→X)→(T→X) = λ(X)λ(k : A→X)λ(x : T)x(X)(k)

    in : A{X←T}→T = λ(y : A{X←T})λ(X)λ(k : A→X)k(A{X←fold(X)(k)}(y))

Our first lemma states that fold(X)(k) takes an algebra (X,k) to an algebra morphism λ(x : T)x(X)(k) from (T,in) to (X,k).

Lemma (in morphism)

Assume E, X ⊢^F A with A covariant in X. Then, if k is fresh:

    E, X, k : A→X ⊢^ℛ (in : A{X←T}→T) ⟨A{X←fold(X)(k)}⟩→⟨fold(X)(k)⟩ (k : A→X)

Proof

By lemma (Commuting squares), the statement is equivalent to the equality of in ; fold(X)(k) and A{X←fold(X)(k)} ; k, which follows straightforwardly from the definitions of fold and in, using β rules. □

The initiality of (T,in) means that if a is a morphism from (T,in) to (X,k), then a must equal fold(X)(k). Before proving the initiality theorem, we establish two further lemmas.

Lemma (Algebra morphisms)

Assume E, X ⊢^F A with A covariant in X. Then, if x, Y, Y', h, t, and t' are fresh:

    E, x : T, Y, Y', h : Y→Y', (t : A{X←Y}→Y) ⟨A{X←h}⟩→⟨h⟩ (t' : A{X←Y'}→Y') ⊢^ℛ (h(x(Y)(t)) : Y') Y'* (x(Y')(t') : Y')

or, diagrammatically:

                  t                  fold(Y)(t)
    A{X←Y}  ----------->  Y   <--------------------  T
       |                  |                          ‖
 A{X←h}|                  | h                        ‖
       v                  v                          ‖
    A{X←Y'} ----------->  Y'  <--------------------  T
                  t'                 fold(Y')(t')

The left square of the diagram expresses that h is a morphism from (Y,t) to (Y',t'); the right part expresses the conclusion, since x(Y)(t) = fold(Y)(t)(x).

Proof

By (Rel Val ℛx) and (Rel Val Appl2), we have:

    E, x : T, Y, Y', h : Y→Y' ⊢ (x(Y) : (A{X←Y}→Y)→Y) (A*{X←⟨h⟩}→⟨h⟩)→⟨h⟩ (x(Y') : (A{X←Y'}→Y')→Y')

Then, by (Rel Val Appl), we obtain:

    E, x : T, Y, Y', h : Y→Y', (t : A{X←Y}→Y) A*{X←⟨h⟩}→⟨h⟩ (t' : A{X←Y'}→Y') ⊢ (x(Y)(t) : Y) ⟨h⟩ (x(Y')(t') : Y')

and by (Rel Val FRel Elim):

    E, x : T, Y, Y', h : Y→Y', (t : A{X←Y}→Y) A*{X←⟨h⟩}→⟨h⟩ (t' : A{X←Y'}→Y') ⊢ (h(x(Y)(t)) : Y') Y'* (x(Y')(t') : Y')

The claim follows by lemma (Commutation of ⟨-⟩). □

Lemma (x(T)(in))

Assume E, X ⊢^F A with A covariant in X. Then, if x is fresh:

    E, x : T ⊢^ℛ (x(T)(in) : T) T* (x : T)

Proof

By lemma (in morphism) we obtain the following substitution instance of lemma (Algebra morphisms):

    E, x : T, X, k : A→X ⊢ (fold(X)(k)(x(T)(in)) : X) X* (x(X)(k) : X)

It is obtained with the renaming Y' = X and the substitutions Y = T, h = fold(X)(k), t = in, t' = k. Hence by the definition of fold, and by β rules, we have:

    E, x : T, X, k : A→X ⊢ (x(T)(in)(X)(k) : X) X* (x(X)(k) : X)

and the claim follows by η rules (with manipulations similar to those at the end of proposition (Terminal)). □

Theorem (Initial algebras)

The algebra (T,in) is initial. That is, if E, X ⊢^F A with A covariant in X, E, X ⊢^F a : T→X, and k is fresh, then:

    E, X, k : A→X ⊢^ℛ (in : A{X←T}→T) ⟨A{X←a}⟩→⟨a⟩ (k : A→X)  ⇒  E, X, k : A→X ⊢^ℛ (a : T→X) (T→X)* (fold(X)(k) : T→X)

Proof

Using the assumption we obtain the following consequence of lemma (Algebra morphisms):

    E, X, k : A→X, x : T ⊢ (a(x(T)(in)) : X) X* (x(X)(k) : X)

It is obtained with the renaming Y' = X and the substitutions Y = T, h = a, t = in, t' = k. By lemma (x(T)(in)) we can equate x(T)(in) and x:

    E, X, k : A→X, x : T ⊢ (a(x) : X) X* (x(X)(k) : X)

By the definition of fold (and β rules), we obtain:

    E, X, k : A→X, x : T ⊢ (a(x) : X) X* (fold(X)(k)(x) : X)

Since:

    E, X, k : A→X, (x : T) T* (x' : T) ⊢ (fold(X)(k)(x) : X) X* (fold(X)(k)(x') : X)

we can conclude using (Rel Val Saturation Lft), (Rel Val Fun), and (Rel Val Eta). □

A consequence of initiality is that in is actually an isomorphism from A{X←T} to T. Hence, the initial A-algebra is a solution for the fixpoint equation X = A{X}; the two halves of the isomorphism between T and A{X←T} are in and out, where out is defined as follows:

    out : T→A{X←T} = fold(A{X←T})(A{X←in})

Polymorphic types thus suffice to encode covariant recursive types. In particular, if X does not occur in A, then A and ∀(X)(A→X)→X are isomorphic.
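The encoding T = ∀(X)(A→X)→X with fold, in and out, instantiated for the covariant type A{X} = 1 + X, whose initial algebra is the natural numbers. This is an added example, not code from the paper: TypeScript generic function types stand in for ∀, the tagged union NatF plays the role of A and its arrow action natF plays A{X←h}, and in is spelled inn because in is reserved in JavaScript. The helpers toNumber, fromNumber, add, foldLawSides, roundTrip and predecessorViaOut are this example's own.

```typescript
// Added example, not from the paper. The initial-algebra encoding of section 3.7,
//   T = ∀(X)(A → X) → X,   fold, in, out,
// for the covariant type A{X} = 1 + X, whose initial algebra is the natural numbers.
// TypeScript generic function types stand in for ∀(X).

// A{X}, as a tagged union, with its action A{X ← h} on arrows h : X → Y.
type NatF<X> = { tag: "zero" } | { tag: "succ"; pred: X };

function natF<X, Y>(h: (x: X) => Y): (a: NatF<X>) => NatF<Y> {
  return (a) => (a.tag === "zero" ? a : { tag: "succ" as const, pred: h(a.pred) });
}

// T = ∀(X)(A{X} → X) → X
type T = <X>(k: (a: NatF<X>) => X) => X;

// fold = λ(X)λ(k : A → X)λ(x : T) x(X)(k)
function fold<X>(k: (a: NatF<X>) => X): (x: T) => X {
  return (x) => x(k);
}

// in = λ(y : A{X ← T})λ(X)λ(k : A → X) k(A{X ← fold(X)(k)}(y))
// (spelled inn because "in" is reserved in JavaScript)
function inn(y: NatF<T>): T {
  return function <X>(k: (a: NatF<X>) => X): X { return k(natF(fold(k))(y)); };
}

// out = fold(A{X ← T})(A{X ← in}) : T → A{X ← T}
const out: (x: T) => NatF<T> = fold<NatF<T>>(natF(inn));

// Algebras on ordinary numbers, used to observe elements of T (example helpers).
const toNumber: (x: T) => number = fold<number>((a) => (a.tag === "zero" ? 0 : a.pred + 1));

function fromNumber(n: number): T {
  return n === 0 ? inn({ tag: "zero" }) : inn({ tag: "succ", pred: fromNumber(n - 1) });
}

// A function defined by initiality alone: m + n is the unique algebra morphism from
// (T, in) to the algebra (T, k) with k(zero) = n and k(succ p) = in(succ p), applied to m.
function add(m: T, n: T): T {
  return fold<T>((a) => (a.tag === "zero" ? n : inn(a)))(m);
}

// The equation behind lemma (in morphism): fold(X)(k)(in(y)) = k(A{X ← fold(X)(k)}(y)).
// Returns both sides for y = succ(m) and the numeric algebra k.
function foldLawSides(m: number): [number, number] {
  const k = (a: NatF<number>): number => (a.tag === "zero" ? 0 : a.pred + 1);
  const y: NatF<T> = { tag: "succ", pred: fromNumber(m) };
  return [fold(k)(inn(y)), k(natF(fold(k))(y))];
}

// in and out are the two halves of the isomorphism T ≅ A{X ← T}:
// observe in(out(x)) through toNumber, and out(x) through its shape.
function roundTrip(n: number): number {
  return toNumber(inn(out(fromNumber(n))));
}
function predecessorViaOut(n: number): number | undefined {
  const a = out(fromNumber(n));
  return a.tag === "succ" ? toNumber(a.pred) : undefined;
}
```

Nothing here recurses on T directly: add, toNumber and out are all obtained by supplying an algebra to fold, which is exactly what initiality licenses.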

3.8 Products and coproducts

In system ℛ the following properties are provable:

(1) ∀(X)X→X is terminal (as already proved),

(2) ∀(X)(B→B'→X)→X is a product of B and B',

(3) ∀(X)X is initial,

(4) ∀(X)(B→X)→(B'→X)→X is a coproduct of B and B'.

If the existence of products and coproducts is already assumed, these results can all be seen as instances of the isomorphism between A and ∀(X)(A→X)→X, for A constant in X. For example, taking A = B×B', and using the isomorphism between B×B'→X and B→B'→X, we get (2). But neither system F nor system ℛ have "pre-existent" finite products and coproducts. Hence each of the properties (1)-(4) has to be proved separately, and independently of the initial algebra theorem. We discuss binary products only.

Proposition (Product)

The type ∀(X)(B→B'→X)→X is a product of B and B'.

Proof

We adapt a semantic proof communicated to us by Wadler. It is well known that, when E ⊢^F b : B and E ⊢^F b' : B', the following laws are provable in F:

    E ⊢^F fst(pair(b)(b')) = b : B      E ⊢^F snd(pair(b)(b')) = b' : B'

with:

    A = ∀(X)(B→B'→X)→X
    fst = λ(a : A)a(B)(λ(x : B)λ(x' : B')x)
    snd = λ(a : A)a(B')(λ(x : B)λ(x' : B')x')
    pair = λ(b : B)λ(b' : B')λ(X)λ(k : B→B'→X)k(b)(b')

What remains to be checked is surjective pairing:

    (SP)  E, a : A ⊢^ℛ (pair(fst(a))(snd(a)) : A) A* (a : A)

We follow the same proof pattern as for theorem (Initial algebras). We get the following counterpart of lemma (Algebra morphisms):

    (1)  E, a : A, X, X', h : X→X', (k : B→B'→X) B*→B'*→⟨h⟩ (k' : B→B'→X') ⊢ (a(X)(k) : X) ⟨h⟩ (a(X')(k') : X')

In (1), much as in lemma (Commuting squares), the assumption (k : B→B'→X) B*→B'*→⟨h⟩ (k' : B→B'→X') amounts to asserting that k' is λ(b : B)λ(b' : B')h(k(b)(b')). By instantiating (1) to X = A, k = pair, and h = λ(a : A)a(X')(k'), we get:

    E, a : A, X', k' : B→B'→X' ⊢ (a(A)(pair) : A) ⟨λ(a : A)a(X')(k')⟩ (a(X')(k') : X')

and from there, the following counterpart of lemma (x(T)(in)) is obtained:

    (2)  E, a : A ⊢ (a(A)(pair) : A) A* (a : A)

We instantiate (1) again, with X = X' = A, k = k' = pair, and h = λ(a : A)pair(fst(a))(snd(a)):

    E, a : A ⊢ (a(A)(pair) : A) ⟨λ(a : A)pair(fst(a))(snd(a))⟩ (a(A)(pair) : A)

Combining this with (2), we get:

    E, a : A ⊢ (a : A) ⟨λ(a : A)pair(fst(a))(snd(a))⟩ (a : A)

and the claim follows by (Rel Val FRel Elim). □

There is a simpler proof of this theorem if the system is extended to support ternary relations as 
well as binary relations. We suggest how such an extension could be defined. The following judgments and 
rules would be added, among others: 

(Rel FRel2) 
  E ⊢ c : A → B → C 
  -------------------------------- 
  E ⊢ (A, B) ⟨c⟩₂ C 

(Rel Val FRel2 Intro) 
  E ⊢ c : A → B → C    E ⊢ a : A    E ⊢ b : B 
  -------------------------------- 
  E ⊢ (a : A, b : B) ⟨c⟩₂ (c(a)(b) : C) 
In this system, the proof of surjective pairing goes as follows. We have, by (Rel Val ℛx) and by a ternary 
version of (Rel Val Appl2): 

E, a : A, X, k : B → B' → X ⊢ (a(B) : (B → B' → B) → B, a(B') : (B → B' → B') → B') (B* → B'* → ⟨k⟩₂) → ⟨k⟩₂ (a(X) : (B → B' → X) → X) 

On the other hand, 

E, a : A, X, k : B → B' → X ⊢ (λ(x : B)λ(x' : B')x : B → B' → B, λ(x : B)λ(x' : B')x' : B → B' → B') B* → B'* → ⟨k⟩₂ (k : B → B' → X) 

is an instance of a variant of lemma (Commuting squares), so that we obtain by ternary-relation application: 

E, a : A, X, k : B → B' → X ⊢ (a(B)(λ(x : B)λ(x' : B')x) : B, a(B')(λ(x : B)λ(x' : B')x') : B') ⟨k⟩₂ (a(X)(k) : X) 

and by ternary-relation elimination: 

E, a : A, X, k : B → B' → X ⊢ (k(a(B)(λ(x : B)λ(x' : B')x))(a(B')(λ(x : B)λ(x' : B')x')) : X) X (a(X)(k) : X) 

Then (Rel Val Beta) and (Rel Val Saturation Lft) allow us to replace 
k(a(B)(λ(x : B)λ(x' : B')x))(a(B')(λ(x : B)λ(x' : B')x')) with pair(fst(a))(snd(a))(X)(k), 
and the claim follows as in the proof of propositions (Constant) and (Terminal). 

We end this section with an application. Using the properties of products, we obtain a theorem about 
booleans. In F, the only two closed normal forms of type Bool are: 

true = Λ(Z)λ(x : Z)λ(y : Z)x 
false = Λ(Z)λ(x : Z)λ(y : Z)y 

We prove that any two functions from Bool to the same type A that coincide on true and false are equal. 
For example, the terms (λ(x : Bool) 3) and (λ(x : Bool) if x then 3 else 3) are provably equal. 

Proposition (Bool) 

Let E ⊢ A, E ⊢ b : Bool → A, E ⊢ b' : Bool → A. Then: 

E ⊢ (b(true) : A) A* (b'(true) : A)  and  E ⊢ (b(false) : A) A* (b'(false) : A)  ⟹  E ⊢ (b : Bool → A) (Bool → A)* (b' : Bool → A) 

Proof 

We only sketch the argument. We exploit the following isomorphisms: Bool is isomorphic to 1+1, 
(C+C') → A is isomorphic to (C → A)×(C' → A) for any C and C', and 1 → A is isomorphic to A. Hence 
Bool → A is isomorphic to A×A. The two halves of the isomorphism are: 

i = λ(f : Bool → A)Λ(Y)λ(g : A → A → Y) 
g(f(true))(f(false)) 

j = λ(h : ∀(Y)(A → A → Y) → Y)λ(x : Bool) 
h(A)(x(A)) 

One then observes that i(b) and i(b') are equal, since the argument f occurs only in the contexts f(true) and 
f(false) in i. Finally, the equality of i(b) and i(b') entails the equality of b and b', since b is equal to j(i(b)) 
and b' is equal to j(i(b')). 
□ 
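The encodings used in propositions (Product) and (Bool), as an added TypeScript example that is not part of the paper: type parameters stand for System F type abstraction and instantiation, pair, fst, snd, i and j follow the text, and constThree, ifThree and the three checking functions are my own.

```typescript
// Added example (not from the paper): impredicative encodings of products
// and booleans.  Explicit type parameters play the role of Λ(X) and a(A);
// the TypeScript runtime erases them, exactly as erase() does in 3.10.

// A = ∀(X)(B → B' → X) → X
type Prod<B, B2> = <X>(k: (b: B) => (b2: B2) => X) => X;
// Bool = ∀(Z) Z → Z → Z
type Bool = <Z>(x: Z) => (y: Z) => Z;

// pair, fst, snd as in the proof of proposition (Product)
const pair = <B>(b: B) => <B2>(b2: B2): Prod<B, B2> => k => k(b)(b2);
const fst = <B, B2>(a: Prod<B, B2>): B => a<B>(x => _y => x);
const snd = <B, B2>(a: Prod<B, B2>): B2 => a<B2>(_x => y => y);

const tru: Bool = x => _y => x;
const fls: Bool = _x => y => y;

// The two halves of Bool → A ≅ A × A from proposition (Bool):
//   i = λ(f : Bool → A)Λ(Y)λ(g : A → A → Y) g(f(true))(f(false))
//   j = λ(h : ∀(Y)(A → A → Y) → Y)λ(x : Bool) h(A)(x(A))
const i = <A>(f: (b: Bool) => A): Prod<A, A> => g => g(f(tru))(f(fls));
const j = <A>(h: Prod<A, A>) => (x: Bool): A => h<A>(x);

// λ(x : Bool) 3 and λ(x : Bool) if x then 3 else 3, where "if" is x(A)(3)(3).
const constThree = (_x: Bool): number => 3;
const ifThree = (x: Bool): number => x<number>(3)(3);

// i only inspects f(true) and f(false), so i(b) and i(b') agree componentwise
// whenever b and b' coincide on the two booleans.
function sameProductImage(b: (x: Bool) => number, b2: (x: Bool) => number): boolean {
  return fst(i(b)) === fst(i(b2)) && snd(i(b)) === snd(i(b2));
}

// j(i(b)) recovers b on every boolean argument.
function roundTrip(b: (x: Bool) => number, x: Bool): number {
  return j(i(b))(x);
}

// Surjective pairing (SP), observed extensionally: pair(fst(a))(snd(a)) and a
// give the same answer to a continuation k.
function surjectivePairingHolds<B, B2>(
  a: Prod<B, B2>, k: (b: B) => (b2: B2) => string,
): boolean {
  return pair(fst(a))(snd(a))(k) === a(k);
}
```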



3.9 Some applications of initiality 

We briefly mention two other consequences of the general theorems about initiality and products. 

- The type Nat = ∀(X)(X → X) → X → X of Church integers is the initial A-algebra for A = 1+X, 
hence Nat and 1+Nat are provably isomorphic in ℛ. 
- The type List{Y} = ∀(X)X → (Y → X → X) → X of lists is the initial A-algebra for 
A = 1+(Y×X), covariant in variable X. Hence List{Y} and 1+(Y×List{Y}) are provably 
isomorphic. 

We concentrate on the type Nat for the rest of this section. If n has type Nat, we can prove the following 
naturality condition, similar to the statement of lemma (Algebra morphisms): 

        f                             n(A)(f) 
    A -----> A                    A -----------> A 
    |        |                    |              | 
    h        h         ⟹          h              h 
    v        v                    v              v 
    B -----> B                    B -----------> B 
        g                             n(B)(g) 

This implication has several interesting instantiations. Recall the classical encodings of arithmetical 
operations in F: 

succ : Nat → Nat = 
λ(n : Nat)Λ(X)λ(f : X → X)λ(x : X) f(n(X)(f)(x)) 

zero : Nat = 
Λ(X)λ(f : X → X)λ(x : X)x 

add : Nat → Nat → Nat = 
λ(m : Nat)λ(n : Nat)m(Nat)(succ)(n) 

mult : Nat → Nat → Nat = 
λ(m : Nat)λ(n : Nat)m(Nat)(add(n))(zero) 

exp : Nat → Nat → Nat = 
λ(m : Nat)λ(n : Nat)m(Nat)(mult(n))(succ(zero)) 

In ℛ we can prove: 

n : Nat ⊢ (n : Nat) Nat* (n(Nat)(succ)(zero) : Nat) 

m : Nat, n : Nat ⊢ (add(m)(n) : Nat) Nat* (Λ(X)λ(f : X → X)λ(x : X)m(X)(f)(n(X)(f)(x)) : Nat) 

m : Nat, n : Nat ⊢ (mult(m)(n) : Nat) Nat* (Λ(X)λ(f : X → X)m(X)(n(X)(f)) : Nat) 

m : Nat, n : Nat ⊢ (exp(m)(n) : Nat) Nat* (Λ(X)m(X → X)(n(X)) : Nat) 

Paulin-Mohring has pointed out to us that these equalities justify optimizations found in various 
higher-order type systems. 
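The arithmetic encodings above and the three ℛ-provable equalities, as an added TypeScript example that is not from the paper: each classical definition and the term ℛ proves equal to it are evaluated on Church integers and converted to numbers for comparison (fromNumber, toNumber, foldBack and agree are my own helpers).

```typescript
// Added example (not from the paper): Church integers and the equalities of
// section 3.9.  Type parameters stand in for System F type abstraction.

// Nat = ∀(X)(X → X) → X → X
type Nat = <X>(f: (x: X) => X) => (x: X) => X;

const zero: Nat = _f => x => x;
const succ = (n: Nat): Nat => f => x => f(n(f)(x));

// add = λ(m)λ(n) m(Nat)(succ)(n), etc.: the type application m(Nat) becomes
// the explicit instantiation m<Nat>.
const add = (m: Nat) => (n: Nat): Nat => m<Nat>(succ)(n);
const mult = (m: Nat) => (n: Nat): Nat => m<Nat>(add(n))(zero);
const exp = (m: Nat) => (n: Nat): Nat => m<Nat>(mult(n))(succ(zero));

// Right-hand sides of the three equalities.  None of them instantiates Nat
// at Nat itself, which is the optimization Paulin-Mohring refers to.
const addR = (m: Nat) => (n: Nat): Nat => f => x => m(f)(n(f)(x));
const multR = (m: Nat) => (n: Nat): Nat => f => m(n(f));
const expR = (m: Nat) => (n: Nat): Nat =>
  <X>(f: (x: X) => X) => m<(x: X) => X>(n)(f);

// First equality: n and n(Nat)(succ)(zero) denote the same integer.
const foldBack = (n: Nat): Nat => n<Nat>(succ)(zero);

// Conversions used only to observe results.
const fromNumber = (k: number): Nat => f => x => {
  let r = x;
  for (let c = 0; c < k; c++) r = f(r);
  return r;
};
const toNumber = (n: Nat): number => n<number>(k => k + 1)(0);

// Evaluates a classical operation and its ℛ-equal form on (a, b) and returns
// both integers, so a caller can check that they coincide.
function agree(
  op: (m: Nat) => (n: Nat) => Nat,
  opR: (m: Nat) => (n: Nat) => Nat,
  a: number, b: number,
): [number, number] {
  const m = fromNumber(a), n = fromNumber(b);
  return [toNumber(op(m)(n)), toNumber(opR(m)(n))];
}
```

Note that exp(m)(n) computes n^m (m applications of mult(n) to one), so agree(exp, expR, 2, 3) yields 9 on both sides.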

3.10 On erasures 

We end section 3 with a collection of examples of a somewhat different flavor. They are all examples 
of a general "erasure conjecture". Roughly, the conjecture states that two F terms having the same type in 
the same environment and having the same erasure are provably equal in ℛ. 

The erasure of an F term is the untyped term obtained by erasing all its type information. Formally: 

erase(x) = x 
erase(a(b)) = erase(a)(erase(b)) 
erase(λ(x : A)a) = λ(x) erase(a) 
erase(a(A)) = erase(a) 
erase(Λ(X)a) = erase(a) 

The precise formulation of the conjecture is: 

Conjecture 

If E ⊢_F a : A, E ⊢_F b : A, and erase(a) = erase(b), then: 

E ⊢_ℛ (a : A) A* (b : A) 

If the conjecture holds, it gives precise evidence that Reynolds's notion of parametricity, which our formal 
system captures in syntax, reflects the intuition that types do not matter in computations of polymorphic 
programs. 

Here we neither prove nor disprove the conjecture, but simply verify some instances. The first instance 
is the ℛ-analogue of Axiom (C) considered in [Longo, Milstead, Soloviev 1993]. 

Instance 1 

Let E ⊢_F a : ∀(X)A, where X ∉ A, and let E ⊢_F B and E ⊢_F C. Then: 

E ⊢_ℛ (a(B) : A) A* (a(C) : A) 

Proof 

We show how to prove: 

E ⊢ (a(∀(X)X) : A) A* (a(B) : A)    and    E ⊢ (a(∀(X)X) : A) A* (a(C) : A) 

The desired result follows from (Rel Val Symm) and (Rel Val Saturation Lft). We derive the first judgment; 
the other derivation is similar. By the identity extension property, we have E ⊢_ℛ a : ∀(X)A. Moreover, 
(Rel FRel) yields: 

E ⊢ ∀(X)X ⟨λ(x : ∀(X)X)x(B)⟩ B 

We conclude using (Rel Val Appl2). 
□ 



Instance 2 

x : ∀(X)X ⊢_ℛ (x(∀(X)X) : ∀(X)X) (∀(X)X)* (x : ∀(X)X) 

Proof 

We start by constructing a functional relation: 

X ⊢ ∀(Y)Y ⟨λ(x : ∀(Y)Y)x(X)⟩ X 

By applying (Rel Val ℛx) and (Rel Val Appl2) we get: 

x : ∀(Y)Y, X ⊢ (x(∀(Y)Y) : ∀(Y)Y) ⟨λ(x : ∀(Y)Y)x(X)⟩ (x(X) : X) 

and (Rel Val FRel Elim) leads to: 

x : ∀(Y)Y, X ⊢ (x(∀(Y)Y)(X) : X) X (x(X) : X) 

The result then follows as in propositions (Constant) and (Terminal), using (Rel Val Eta2). 
□ 

A simple variant of this proof yields: 

Instance 3 

Assume that E ⊢_F a : A, with X ∉ A, and x fresh. 

E, x : ∀(X)A → X ⊢_ℛ (x(∀(X)X)(a) : ∀(X)X) (∀(X)X)* (Λ(X)x(X)(a) : ∀(X)X) 

The final instance is based on two different ways of assigning the type (∀(X)X → X) → (∀(X)X → X) 
to the untyped term λ(x) x(x): 

Instance 4 

x : ∀(X)X → X ⊢_ℛ (x(∀(X)X → X)(x) : ∀(X)X → X) (∀(X)X → X)* (Λ(X) x(X → X)(x(X)) : ∀(X)X → X) 

Of course ℛ yields far more equations than the ones arising from the conjecture. For example f(A)(a) 
and f(B)(b) are equal for any f : ∀(X)X → Bool, since ∀(X)X → Bool contains only constant functions (see 
section 3.1). Here a and b can be any terms, of types A and B, respectively. In particular the terms f(A)(a) 
and f(B)(b) need not have the same erasure. 
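The erase function of this section, as an added TypeScript example that is not the paper's own code, applied to the term pairs of Instances 2 and 4; the AST constructors and printer are my own, and types are kept as plain strings since erase discards them.

```typescript
// Added example (not from the paper): an AST for F terms and erase() as
// defined in section 3.10.  Types are strings because erase never looks at them.
type Ty = string;
type Term =
  | { kind: "var"; name: string }
  | { kind: "app"; fun: Term; arg: Term }              // a(b)
  | { kind: "lam"; name: string; ty: Ty; body: Term }  // λ(x:A)a
  | { kind: "tapp"; fun: Term; ty: Ty }                // a(A)
  | { kind: "tlam"; name: string; body: Term };        // Λ(X)a
// Untyped terms, the target of erase.
type UTerm =
  | { kind: "var"; name: string }
  | { kind: "app"; fun: UTerm; arg: UTerm }
  | { kind: "lam"; name: string; body: UTerm };

// erase(x) = x, erase(a(b)) = erase(a)(erase(b)), erase(λ(x:A)a) = λ(x) erase(a),
// erase(a(A)) = erase(a), erase(Λ(X)a) = erase(a)
function erase(t: Term): UTerm {
  switch (t.kind) {
    case "var": return { kind: "var", name: t.name };
    case "app": return { kind: "app", fun: erase(t.fun), arg: erase(t.arg) };
    case "lam": return { kind: "lam", name: t.name, body: erase(t.body) };
    case "tapp": return erase(t.fun);
    case "tlam": return erase(t.body);
  }
}

// Prints an untyped term in the paper's λ(x) a(b) style.
function show(u: UTerm): string {
  switch (u.kind) {
    case "var": return u.name;
    case "app": return `${show(u.fun)}(${show(u.arg)})`;
    case "lam": return `λ(${u.name})${show(u.body)}`;
  }
}

const v = (name: string): Term => ({ kind: "var", name });
const app = (fun: Term, arg: Term): Term => ({ kind: "app", fun, arg });
const tapp = (fun: Term, ty: Ty): Term => ({ kind: "tapp", fun, ty });
const tlam = (name: string, body: Term): Term => ({ kind: "tlam", name, body });

// Instance 2: x(∀(X)X) and x, with x : ∀(X)X.
const inst2: [Term, Term] = [tapp(v("x"), "∀(X)X"), v("x")];
// Instance 4: x(∀(X)X → X)(x) and Λ(X) x(X → X)(x(X)), with x : ∀(X)X → X.
const inst4: [Term, Term] = [
  app(tapp(v("x"), "∀(X)X → X"), v("x")),
  tlam("X", app(tapp(v("x"), "X → X"), tapp(v("x"), "X"))),
];

// The hypothesis of the conjecture: do two typed terms have the same erasure?
function sameErasure(a: Term, b: Term): boolean {
  return show(erase(a)) === show(erase(b));
}
```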
4. Conclusions 

After working with ℛ for some time, we feel that it is a useful system, with reasonable syntactic properties. 
In particular we are able to prove theorems and metatheorems in full generality for open terms. However, 
the power of ℛ, in both syntactic and semantic terms, deserves further exploration. 

In the realm of syntax, we are particularly interested in the conjecture discussed in section 3.10 that if 
two F terms have the same erasure and the same type then they are provably equal in ℛ. 

As for semantics, we intend to develop a model of ℛ based on the per model of [Bainbridge, et al. 
1990]. In the standard per model, universal quantification over types is interpreted with an intersection over 
pers; in contrast, in the per model of [Bainbridge, et al. 1990], universal quantification over types is 
interpreted with an intersection over saturated relations. This modification of the per model leads to a simple 
proof of soundness for the rules (Rel Val ℛx) and (Rel Val ℛy), and for all the other rules of ℛ. On the 
other hand, the work of Hasegawa [Hasegawa 1991] and Hyland, Robinson, and Rosolini [Hyland, 
Robinson, Rosolini 1990] suggests that the standard per model itself, or closely related ones, may validate 
those rules. 

As mentioned in the introduction, system F<: [Cardelli, et al. 1991] captures some aspects of 
parametricity. An extension of ℛ with subtyping may yield an encoding of F<: and provide a basis for studying 
parametricity in languages with subtyping. An analogous extension of a logic for parametric polymorphism 
is carried out in [Plotkin, Abadi, Cardelli 1993]. 
Appendix 

A.1 System F 

Environments 

(Env ∅) 
  ---------- 
  ⊢ ∅ 

(Env X) 
  ⊢ E    X ∉ dom(E) 
  ---------------------- 
  ⊢ E, X 

(Env x) 
  E ⊢ A    x ∉ dom(E) 
  ---------------------- 
  ⊢ E, x : A 

Types 

(Type X) 
  ⊢ E', X, E'' 
  ---------------------- 
  E', X, E'' ⊢ X 

(Type Arrow) 
  E ⊢ A    E ⊢ B 
  ---------------------- 
  E ⊢ A → B 

(Type Forall) 
  E, X ⊢ B 
  ---------------------- 
  E ⊢ ∀(X)B 

Values 

(Val x) 
  ⊢ E', x : A, E'' 
  ---------------------- 
  E', x : A, E'' ⊢ x : A 

(Val Fun) 
  E, x : A ⊢ b : B 
  ---------------------- 
  E ⊢ λ(x : A)b : A → B 

(Val Fun2) 
  E, X ⊢ b : B 
  ---------------------- 
  E ⊢ Λ(X)b : ∀(X)B 

(Val Appl) 
  E ⊢ b : A → B    E ⊢ a : A 
  ---------------------- 
  E ⊢ b(a) : B 

(Val Appl2) 
  E ⊢ b : ∀(X)B    E ⊢ C 
  ---------------------- 
  E ⊢ b(C) : B{X ← C} 

Value equality 

(Val Eq Symm) 
  E ⊢ a = b : A 
  ---------------------- 
  E ⊢ b = a : A 

(Val Eq Trans) 
  E ⊢ a = b : A    E ⊢ b = c : A 
  ---------------------- 
  E ⊢ a = c : A 

(Val Eq x) 
  ⊢ E', x : A, E'' 
  ---------------------- 
  E', x : A, E'' ⊢ x = x : A 

(Val Eq Fun) 
  E, x : A ⊢ b = b' : B 
  ---------------------- 
  E ⊢ λ(x : A)b = λ(x : A)b' : A → B 

(Val Eq Appl) 
  E ⊢ b = b' : A → B    E ⊢ a = a' : A 
  ---------------------- 
  E ⊢ b(a) = b'(a') : B 

(Val Eq Fun2) 
  E, X ⊢ b = b' : B 
  ---------------------- 
  E ⊢ Λ(X)b = Λ(X)b' : ∀(X)B 

(Val Eq Appl2) 
  E ⊢ b = b' : ∀(X)B    E ⊢ C 
  ---------------------- 
  E ⊢ b(C) = b'(C) : B{X ← C} 

(Val Beta) 
  E, x : A ⊢ b = b' : B    E ⊢ a = a' : A 
  ---------------------- 
  E ⊢ (λ(x : A)b)(a) = b'{x ← a'} : B 

(Val Beta2) 
  E, X ⊢ b = b' : B    E ⊢ A 
  ---------------------- 
  E ⊢ (Λ(X)b)(A) = b'{X ← A} : B{X ← A} 

(Val Eta) 
  E ⊢ b = b' : A → B    x ∉ dom(E) 
  ---------------------- 
  E ⊢ λ(x : A)b(x) = b' : A → B 

(Val Eta2) 
  E ⊢ b = b' : ∀(X)B    X ∉ dom(E) 
  ---------------------- 
  E ⊢ Λ(X)b(X) = b' : ∀(X)B 
A.2 System ℛ 

Notation 

• We use the following metavariables: x, y, z range over value variables; X, Y, Z range over type variables; 
W ranges over relation variables; a, b, c, d range over value terms; A, B, C, D range over type terms; ℛ, S, T, U 
range over relation terms; E ranges over environments. 

• A related-type judgment is written E ⊢ A ℛ B and a related-value judgment E ⊢ (a : A) ℛ (b : B), with 
the relation between the two components it relates; environment entries X W Y and x : A ℛ y : B are written 
likewise. 

• We use the abbreviations: 

E ⊢ A  ≡  E ⊢ A A* A                                E ⊢ a : A  ≡  E ⊢ (a : A) A* (a : A) 

⊢ E, X, E'  ≡  ⊢ E, X X X', E'                     E, X, E' ⊢ J  ≡  E, X X X', E' ⊢ J        where X, X' are fresh 

⊢ E, x : A, E'  ≡  ⊢ E, x : A A* x' : A, E'        E, x : A, E' ⊢ J  ≡  E, x : A A* x' : A, E' ⊢ J        where x' is fresh 

Environments 

(Env ∅) 
  ---------- 
  ⊢ ∅ 

(Env XWY) 
  ⊢ E    X, W, Y ∉ dom(E)    X, W, Y distinct 
  ---------------------- 
  ⊢ E, X W Y 

(Env xℛy) 
  E ⊢ A ℛ B    x, y ∉ dom(E)    x, y distinct 
  ---------------------- 
  ⊢ E, x : A ℛ y : B 

Related types 

(Rel W) 
  ⊢ E', X W Y, E'' 
  ---------------------- 
  E', X W Y, E'' ⊢ X W Y 

(Rel WX) 
  ⊢ E', X W Y, E'' 
  ---------------------- 
  E', X W Y, E'' ⊢ X 

(Rel WY) 
  ⊢ E', X W Y, E'' 
  ---------------------- 
  E', X W Y, E'' ⊢ Y 

(Rel Arrow) 
  E ⊢ A ℛ A'    E ⊢ B S B' 
  ---------------------- 
  E ⊢ (A → B) (ℛ → S) (A' → B') 

(Rel Forall) 
  E, X W X' ⊢ B S B' 
  ---------------------- 
  E ⊢ (∀(X)B) (∀(W)S) (∀(X')B') 

(Rel FRel) 
  E ⊢ b : A → B 
  ---------------------- 
  E ⊢ A ⟨b⟩ B 
Related values 

(Rel Val Symm) 
  E ⊢ (a : A) A* (b : A) 
  ---------------------- 
  E ⊢ (b : A) A* (a : A) 

(Rel Val Saturation Lft) 
  E ⊢ (a : A) A* (b : A)    E ⊢ (b : A) ℛ (c : B) 
  ---------------------- 
  E ⊢ (a : A) ℛ (c : B) 

(Rel Val Saturation Rht) 
  E ⊢ (b : A) ℛ (c : B)    E ⊢ (c : B) B* (d : B) 
  ---------------------- 
  E ⊢ (b : A) ℛ (d : B) 

(Rel Val xℛy) 
  ⊢ E', x : A ℛ y : B, E'' 
  ---------------------- 
  E', x : A ℛ y : B, E'' ⊢ (x : A) ℛ (y : B) 

(Rel Val ℛx) 
  ⊢ E', x : A ℛ y : B, E'' 
  ---------------------- 
  E', x : A ℛ y : B, E'' ⊢ x : A 

(Rel Val ℛy) 
  ⊢ E', x : A ℛ y : B, E'' 
  ---------------------- 
  E', x : A ℛ y : B, E'' ⊢ y : B 

(Rel Val Fun) 
  E, x : A ℛ x' : A' ⊢ (b : B) S (b' : B')    E ⊢ B S B'    x ∉ b'    x' ∉ b 
  ---------------------- 
  E ⊢ (λ(x : A)b : A → B) (ℛ → S) (λ(x' : A')b' : A' → B') 

(Rel Val Appl) 
  E ⊢ (b : A → B) (ℛ → S) (b' : A' → B')    E ⊢ (a : A) ℛ (a' : A') 
  ---------------------- 
  E ⊢ (b(a) : B) S (b'(a') : B') 

(Rel Val Fun2) 
  E, X W X' ⊢ (b : B) S (b' : B')    X ∉ b', B', S    X' ∉ b, B, S 
  ---------------------- 
  E ⊢ (Λ(X)b : ∀(X)B) (∀(W)S) (Λ(X')b' : ∀(X')B') 

(Rel Val Appl2) 
  E ⊢ (b : ∀(X)B) (∀(W)S) (b' : ∀(X')B')    E ⊢ C T C' 
  ---------------------- 
  E ⊢ (b(C) : B{X ← C}) S{W ← T} (b'(C') : B'{X' ← C'}) 

(Rel Val FRel Intro) 
  E ⊢ b : A → B    E ⊢ a : A 
  ---------------------- 
  E ⊢ (a : A) ⟨b⟩ (b(a) : B) 

(Rel Val FRel Elim) 
  E ⊢ (a : A) ⟨b⟩ (c : B)    E ⊢ b : A → B 
  ---------------------- 
  E ⊢ (b(a) : B) B* (c : B) 

(Rel Val Beta) 
  E, x : A ⊢ b : B    E ⊢ a : A 
  ---------------------- 
  E ⊢ ((λ(x : A)b)(a) : B) B* (b{x ← a} : B) 

(Rel Val Beta2) 
  E, X ⊢ b : B    E ⊢ A 
  ---------------------- 
  E ⊢ ((Λ(X)b)(A) : B{X ← A}) B*{X ← A*} (b{X ← A} : B{X ← A}) 

(Rel Val Eta) 
  E ⊢ b : A → B    x ∉ dom(E) 
  ---------------------- 
  E ⊢ (λ(x : A)b(x) : A → B) (A → B)* (b : A → B) 

(Rel Val Eta2) 
  E ⊢ b : ∀(X)B    X ∉ dom(E) 
  ---------------------- 
  E ⊢ (Λ(X)b(X) : ∀(X)B) (∀(X)B)* (b : ∀(X)B) 

System ℛ without functional relations 

The system without functional relations is obtained by removing functional relations and the corresponding 
rules (Rel FRel), (Rel Val FRel Intro), and (Rel Val FRel Elim) from system ℛ. 
A.3 Hasegawa's Paradox 

Consider the system obtained from ℛ by allowing quantification over type variables in relations, and by 
adding a notion of relation equality, with the rules: 

(Rel Eq Forall XW) 
  E, X W X' ⊢ B (S = S') B'    X ∉ B', S, S'    X' ∉ B, S, S'    Z ∉ dom(E) 
  ---------------------- 
  E ⊢ (∀(X)B) (∀(Z)S{W ← Z} = ∀(W)S') (∀(X')B') 

(Rel Val Rel Eq) 
  E ⊢ (a : A) ℛ (b : B)    E ⊢ A (ℛ = S) B 
  ---------------------- 
  E ⊢ (a : A) S (b : B) 

and further rules for formation of relations, introduction and elimination of quantifiers, and congruence 
rules. This is the system presented in [Abadi, Cardelli, Curien 1993]. Hasegawa has shown that this system 
is inconsistent, as follows. 

Consider the environment: 

E = X, y : Bot → X (⟨f⟩ → X) y' : Bool → X, x : X → Bot (X → ⟨f⟩) x' : X → Bool 

where Bot = ∀(X)X and f = λ(z : Bot)z(Bool) : Bot → Bool. By (Rel Val ℛx) and (Rel Val ℛy), we have 
E ⊢ y' : Bool → X and E ⊢ x : X → Bot, hence E ⊢ x(y'(true)) : Bot. By the initiality of Bot (section 
3.8), we have: 

z : Bot ⊢ (true : Bool) Bool* (false : Bool)    so we obtain:    E ⊢ (true : Bool) Bool* (false : Bool) 

Hence, abstracting, we obtain: 

⊢ (Λ(X)λ(y : Bot → X)λ(x : X → Bot)true : ∀(X)(Bot → X) → (X → Bot) → Bool) 
    ∀(X)(⟨f⟩ → X) → (X → ⟨f⟩) → Bool* 
  (Λ(X)λ(y' : Bool → X)λ(x' : X → Bool)false : ∀(X)(Bool → X) → (X → Bool) → Bool) 

Now (Rel Eq Forall XW) and (Rel Val Rel Eq) yield: 

⊢ (Λ(X)λ(y : Bot → X)λ(x : X → Bot)true : ∀(X)(Bot → X) → (X → Bot) → Bool) 
    ∀(W)(⟨f⟩ → W) → (W → ⟨f⟩) → Bool* 
  (Λ(X)λ(y' : Bool → X)λ(x' : X → Bool)false : ∀(X)(Bool → X) → (X → Bool) → Bool) 

On the other hand, we have: 

⊢ Bot ⟨f⟩ Bool        ⊢ (λ(z : Bot)z : Bot → Bot) (⟨f⟩ → ⟨f⟩) (λ(z' : Bool)z' : Bool → Bool) 

Finally, by (Rel Val Appl2) and (Rel Val Appl), we reach the inconsistency: 

⊢ (true : Bool) Bool* (false : Bool) 

We blame this inconsistency on (Rel Eq Forall XW), which equates type quantifiers and relation 
quantifiers in arbitrary relation expressions. The rules in appendix A.2 keep the two quantifiers separate. 


